Clearwater Compliance, a leading provider of healthcare compliance and information risk management (IRM) services, has announced the availability of Cyber Risk Services (CRS), a new managed solution endorsed by the American Hospital Association and designed to help CIOs and CISOs achieve rapid visibility and advancement in the information security compliance and risk management posture of healthcare organizations.
The highly visible and significant public attention to ransomware attacks in healthcare has accelerated a top-down cyber risk governance process and board-level involvement. While hospital boards focus on strategic direction from a broad high-level perspective, the CIO is focused on a holistic service that will unburden staff and quickly mature their enterprise compliance and cyber risk management program.
“Hospitals are doing more than ever to ensure they continue to protect the confidentiality, integrity and availability of patient information in this rapidly-changing environment of healthcare transformation,” said Doug Shaw, Chief Operating and Development Officer, Health Forum, the strategic business enterprise of the American Hospital Association. “Due to the constantly evolving threats to information security, hospital leaders today need a comprehensive, cost-effective approach to safeguard a hospital’s data, systems and reputation, and we are pleased to endorse Clearwater’s latest solution so hospitals can continue their proactive efforts around cybersecurity.”
Clearwater’s Cyber Risk Services (CRS) solution is backed by front-line, real-world experience with deep information privacy and security skill sets that help hospitals and health systems establish, implement and cost-effectively mature their IRM programs. A three-year program, CRS addresses and advances all aspects of an organization’s IRM program including governance, people, processes, technology and organizational engagement. In addition, in the event of an OCR enforcement action, CRS will provide onsite support in preparing a response and evidence, without additional charge and within two business days, and remain engaged throughout any OCR enforcement process. CRS, which includes Clearwater’s award-winning IRM|Pro software, assists organizations in becoming self-sufficient over the three-year program term.
“Clearwater is proud to offer hospital leaders a comprehensive, cost-effective approach to ensure patient safety, and safeguard a hospital’s finances and reputation,” said Bob Chaput, CEO and founder of Clearwater Compliance. “Organizations can realize a proven security infrastructure through adoption of the National Institute of Standards and Technology (NIST) IRM approach.”
CRS is designed to maximize knowledge transfer effectiveness by working alongside resource-constrained IT, security and risk management teams. Clearwater healthcare information experts ensure the implementation of industry best practices in cyber risk visibility, help to eliminate process variation and expedite data protection strategies across the entire organization. The CRS proprietary approach draws heavily on the NIST approach to information risk management and is in accordance with guidelines set out by the Office for Civil Rights (OCR).
“Healthcare’s efforts to protect the confidentiality, integrity and availability of patient information in the rapidly changing environment of healthcare transformation and increasing cyber risks are more intensive than ever,” said David Finn, IT Security Officer at Symantec Corporation. “However, those efforts are hampered by the need for additional training and education, time, resources and budget in the area of cybersecurity and information risk management. Healthcare leaders today need a comprehensive, long-term strategy to ensure patient safety and safeguard the organization’s finances and reputations and their patient’s information and care. Information risk management is not a product; it is a process and culture. Clearwater’s solution not only addresses the tactics but also turns it to strategy; it aligns technology and business risk and builds a solid foundation for both. Not just a solution, it drives evolution so organizations can worry less about cybersecurity and focus on the business—taking care of patients.”
Extending over a three-year period, Clearwater’s CRS program includes:
- A designated information risk management leader assigned to each customer
- Annual risk analyses and risk response / management activities
- Onsite presence to perform risk oversight duties
- Monthly and quarterly executive reports
- Annual assessments of the organization’s IRM program maturity
- Executive and board IRM briefings, as requested
- Ongoing IRM education and training for staff and executives
- OCR enforcement assurance
- Actionable analysis and prioritized recommendations