Clearwater Compliance Releases Risk Analysis White Paper and Buyer’s Guide Checklist

Tools Help Covered Entities and Business Associates Avoid One of the Most Common Reasons for HIPAA Audit Failures

Clearwater Compliance CEO Bob Chaput today announced the availability of the firm’s free, web-accessible HIPAA Risk Analysis White Paper and Buyer’s Guide Checklist. Designed to help Covered Entities and Business Associates select credible partners for assistance in managing their HIPAA Compliance Program, this new offering is the latest in a series of Clearwater releases designed to help HIPAA-affected organizations mount meaningful and effective compliance programs.

“The promulgation of the HIPAA Omnibus Final Rule last month seriously raised the stakes for Covered Entities and Business Associates,” Chaput noted. “Recently released findings from the Department of Health and Human Services’ Office for Civil Rights (OCR) showed that 68% of audited Covered Entities failed to complete an authentic risk analysis. Further, public statements from OCR officials have emphasized the importance of completing this core Security Rule requirement and indicated the possibility of risk analyses becoming the area of focus for the next round of audits. That focus on HIPAA Risk Analysis is no surprise since, to date, every Settlement Agreement/Corrective Action Plan entered into by the OCR cites failure to do a real HIPAA risk analysis.”

“While there are some entities that manage their compliance program on their own, most call on the resources of an outside organization to assist in the effort,” Chaput added. “The results of the OCR audit make it clear that not all entities are being well-served. Unfortunately, in this market in which new ‘expert’ players emerge every week – some of which spell HIPAA with two Ps – we have neither a third-party standards-setting organization nor an independent entity providing purchasers with meaningful customer service ratings. The obvious and unfortunate results of this ‘caveat emptor’ environment are failed audits, investigations and breaches due to failures to adequately analyze threats and vulnerabilities in controls necessary to secure Protected Health Information (PHI).

“While we are pleased that none of the cited entities in the most recent OCR audits were our customers,” Chaput concluded, “we are distraught about the statement the OCR HIPAA audit findings make about our industry and, more importantly, about the degree to which individual PHI is at risk for disclosure. We hope that our Buyer’s Guide will serve to better educate purchasers about the capabilities their partners need to bring to the table and, as a result, enable all of us to rapidly close this and other critical gaps in their compliance programs.”


About Clearwater Compliance:
Clearwater Compliance, LLC, is all about and only about helping healthcare organizations and their service providers become and remain HIPAA-HITECH Compliant. Owned and operated by veteran, C-suite health care executives, Clearwater Compliance provides comprehensive, by-the-regs software and tools, risk management solutions, training, and professional services for small medical practices and healthcare startups to major healthcare systems, health plans and Fortune 100 companies. Since 2003, the company has served more than 250 organizations (including 100 hospitals). Find out more at

Contact Author

Elaine Axum