As a former hospital CISO and current security practitioner, I've seen many approaches to meeting HIPAA risk analysis requirements. Finally, there's a SaaS solution extremely tightly tied to HHS/OCR/NIST guidelines. -- TJ Houske, CISSP, CCNA, CHPSE
Nashville, TN (PRWEB) August 15, 2012
Clearwater Compliance, a leading HIPAA-HITECH consultancy, today announced the launch of the Clearwater HIPAA Security Risk Analysis™, an interactive Software-as-a-Service tool designed to guide companies that handle electronic Protected Health Information (ePHI) to complete a HIPAA Security Risk Analysis required to comply with various regulations.
“Since the HITECH Act passed in 2009, HIPAA compliance has become a fundamental risk management issue for executives in all organizations that create, receive, maintain or transmit ePHI – not just covered entities, but business associates as well,” said Bob Chaput, founder and CEO of Clearwater Compliance. “A long standing requirement under the HIPAA Security Rule requires these organizations to complete a periodic risk analysis to assess all of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the PHI protector. Our risk analysis SaaS navigator simplifies that process, makes compliance less overwhelming by guiding the user through each step of the risk analysis process and stores all information to record risk treatment activities and to ease future risk analyses.”
The Clearwater HIPAA Security Risk Analysis, which is based strictly on HHS/OCR guidance and underlying NIST Security framework special publications, helps companies ensure compliance with compulsory administrative, technical and physical security requirements stipulated in the HIPAA Security Rule and specifically the requirement to complete a Risk Analysis (45 C.F.R. §164.308(a)(1)(ii)(A)). The performance of such a risk analysis is a core objective specified under Meaningful Use Stage 1 and Stage 2 requirements. Independent of healthcare, a risk analysis is a foundational first step in any sound risk management program.
Security Consultant and thought-leader, Kamal Govindaswamy, CISSP, CISA, CIPP, ABCP, evaluated the Clearwater HIPAA Security Risk Analysis and offered, “I would strongly recommend Clearwater’s Risk Analysis solution for not only healthcare organizations, but any organization that wants to manage its information security risks in an effective manner. I believe that the solution will be especially useful for healthcare organizations given Clearwater’s focus and thought leadership on healthcare security and privacy.”
Risk managers utilizing the Clearwater HIPAA Risk Analysis are led through a series of steps that follow HHS/OCR guidance on completing a risk analysis, and the National Institute of Standards and Technology (NIST) security framework. The software records, maintains and presents a complete repository about information assets and media that create, receive, maintain or transmit ePHI and the associated threats, vulnerabilities, likelihood and risk rating. It enables organizations to highlight security control deficiencies and records, then maintains a security risk profile. Subscribers receive monthly updates on HIPAA-HITECH and have access to online and telephonic support and vast privacy, security and data breach resources. Clearwater Compliance continually monitors threats, vulnerabilities and modifications to NIST security controls and updates the risk analysis software in real time to automatically reflect any changes in the threat-vulnerability-controls space.
“As a former hospital CISO and current security practitioner, I've seen many approaches to meeting HIPAA risk analysis requirements. Finally, there's a SaaS solution extremely tightly tied to HHS/OCR/NIST guidelines. The software provides very robust and comprehensive controls coverage, yet is very easy to use,” according to TJ Houske, CISSP, CCNA, CHPSE.
Subscribers to the software will benefit from a “by-the-book” approach to meet HIPAA and Meaningful Use requirements. The software can facilitate informed risk management decision making by enabling prioritization and justification of security investments. It empowers your organization to become self-sufficient in meeting the requirement for a periodic risk analysis as defined in the HIPAA Security Rule and becomes a “living, breathing tool” for ongoing HIPAA security risk management. Ultimately, the software is designed to transform risk analysis from “arts & crafts” to “science and engineering” through a mature, repeatable and sustainable process.
# # #
About Clearwater Compliance: http://clearwatercompliance.com
Clearwater Compliance helps Covered Entities, Business Associates and their Subcontractors assess their HIPAA-HITECH compliance programs, identify gaps and prioritize remediation efforts to ensure the greatest return on capital and resource investments. It delivers that return on compliance investment through education, tools and software, risk management solutions and professional services and consulting. Since 2003, Clearwater Compliance has delivered thought, methodology, software and service leadership to the healthcare industry. As an example, Clearwater Compliance is the Co-Sponsor of the American National Standards Institute Publication of the Report on “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security”. For more information, visit: http://ANSI.org/PHI.