© Clearwater Compliance LLC | All Rights Reserved
Managed Compliance Services
Clearwater Compliance LLC
May 2014
Bob Chaput, MA, CISSP, HCISPP, CIPP/US
CEO & Founder
Clearwater Compliance LLC
615-656-4299 or 800-704-3394
HIPAA-HITECH Credentials
• Since 2010
• ~350 Customers; across US
• Compliance Gap Assessments | Risk Analyses | Technical Testing | Policies & Procedures | Training | Remediation | Executive Coaching | BootCamps | Business Associate Management
• ~20 Audits & Investigations currently
• Raving Fan customers!
Helping YOU Become and Remain Compliant
What Makes The Leader
1. Our industry-leading web-based software operationalizes your program (no DOA PDF reports)
2. We only work with clients who insist on becoming and remaining compliant (no box checkers)
3. We’re healthcare executives helping other healthcare executives (we left the kids on the bus)
4. We religiously follow the Regs / Rules and industry-recognized Standards (we don’t make CSF-stuff up)
Managed Compliance Services
• Engage Virtual Compliance Officer
• Access Complete Team of Experts
• Design & Operationalize Compliance Program
• Address All Three Regulatory “Pillars”
• Adopt Continuous Process Improvement Approach
• Receive Ongoing Maintenance, Updates & Support
• Obtain Full Support in Breaches or OCR Audits / Investigations
Fishing Expedition
Managed Compliance Services
• Systematic, Sustainable Programmatic Approach…
• Under Clearwater Leadership and Guidance…
Ongoing Support and Guidance Start Year 1 Year 2
• Re-Inventory PHI & ePHI • Re-Inventory BAs • Re-Assessments • Remediation Plans • Policies & Procedures Review • Business Associate Management • Training Update
• Oversight • Inventory PHI & ePHI • Inventory BAs • Assessments • Remediation Plans • Policies & Procedures • Business Associate Management • Training
• Re-Inventory PHI & ePHI • Re-Inventory BAs • Re-Assessments • Remediation Plans • Policies & Procedures Review • Business Associate Management • Training Update
Comprehensive in Scope
… all regulations … all dimensions
The Results
Tangible, Discernible Work Products … and Compliance Risk Management Process / Council
PHI and ePHI Asset Inventories
Ongoing Key Assessments & Risk Analyses
Practical, Executable Corrective Action Plans
Policies and Procedures
Trained and Aware Workforce
Ongoing Program Monitoring
Support for Audits and Reviews
Strategic Management of Compliance
Proactive, Customer-focused Approach
Vibrant, Comprehensive Program
The Value Created
Tailored to Your Unique Business Requirements…
Senior Compliance Expert assigned as your Virtual Compliance Officer
Deeply experienced multi-disciplinary team
Guidance and advice at every step
Access to and use of proven processes, software, tools and templates
Holistic, comprehensive programmatic approach
Clearwater Certificate of Completion™
Audit support and advice
High quality, managed costs and delivered at your pace
Compliance | Readiness | Peace of Mind
The Pricing
Tailored To Your Desired Investment & Timing
Accommodates Complete Outsource or Staff Augmentation
(1) Includes all Clearwater Software, Tools & Templates, Workforce Training and Secure Data / PM Room
(2) Out-of-Scope, additional work is billed at this fee
(3) Fees reflect discount off normal rates in exchange for 2-year commitment
(4) Companies with 50 or fewer workforce members
The Technology Included
All Clearwater Industry-Leading Software, Tools & Templates and Training is Included (partial list)
MSRP
Clearwater HIPAA Security Assessment™: $3,950
Clearwater HIPAA Privacy and Breach Notification Assessment™: $3,950
Clearwater HIPAA Security Risk Analysis™: $4,950
Clearwater HIPAA-HITECH Strategic Alignment™ survey instrument: $1,000
Clearwater HIPAA-HITECH Culture of Compliance™ survey instrument: $1,000
Clearwater HIPAA-HITECH ReadinessCheck™ survey instrument: $1,000
Clearwater HIPAA-HITECH Covered Entity Omnibus ReadinessCheck™ survey instrument: $1,000
Clearwater HIPAA-HITECH Business Associate Omnibus ReadinessCheck™ survey instrument: $1,000
Clearwater HIPAA-HITECH Oversight Council Charter™: $300
Clearwater HIPAA Security SMB Policies & Procedures™: $995
Clearwater HIPAA Privacy SMB Policies & Procedures™: $995
Clearwater HIPAA Privacy Policies & Procedures™ - CE Edition: $1,495
Clearwater Breach Notification PnP ToolKit™: $395
SOFTWARE COSTS: $22,030
Protect Revenues, Assets & Reputation
Empower Market-facing Staff with Competitive Advantage
Turn Compliance into Strategic Investment Program with Predictable Costs
Choose Clearwater Compliance
May We Prepare An Agreement for Us?
Contact
Bob Chaput, CISSP, HCISPP, CIPP/US
Clearwater Compliance LLC
http://www.ClearwaterCompliance.com
[email protected]
Phone: 800-704-3394 or 615-656-4299
Three Pillars of HIPAA-HITECH Compliance…
Privacy | Security | Breach Notification
HITECH HIPAA
Breach Notification • 6 pages / 2K words • 4 Standards • 9 Implementation Specs
Privacy Final Rule • 75 pages / 27K words • 56 Standards • ~54 “dense” Implementation Specs
Security Final Rule • 18 pages / 4.5K words • 22 Standards • ~50 Implementation Specs
OMNIBUS FINAL RULE
Clearwater Compliance Compass™
Balanced Compliance Program
Policy defines an organization’s values & expected behaviors; establishes “good faith” intent.
People must include talented privacy & security & technical staff, engaged and supportive management and trained/aware colleagues following PnPs.
Procedures or processes, documented, provide the actions required to deliver on the organization’s values.
Safeguards include the various families of administrative, physical or technical security controls (including “guards, guns, and gates”, encryption, firewalls, anti-malware, intrusion detection, incident management tools, etc.)
Three Industry-Leading Web-Based Solutions
… to address all regulatory requirements
Guided Tours of Clearwater Web-Based Apps
• Guided Tour of the Clearwater HIPAA Security Assessment™ Software
• Guided Tour of the Clearwater HIPAA Privacy and Breach Notification Assessment™ Software
• Guided Tour of the Clearwater HIPAA Risk Analysis™ Software
Three Ways to Engage… to meet your budget and assurance requirements
[Chart axes: Investment, Assurance]
High Value - High Impact
Clearwater WorkShop™ Process
I. PREPARATION
A. Plan / Gather / Schedule
B. Read Ahead / Review Materials
C. Provide SaaS Subscription/Train
D. Administer Surveys
II. ONSITE DISCOVERY / ASSESSMENT
A. Facilitate & Discover
B. Educate & Equip
C. Evaluate & Advise
D. Gather & Populate SaaS
III. WRITTEN REPORT
A. Analyze Findings
B. Document Observations
C. Develop Recommendations
D. Present and Sign Off
Compliance Solution: Included in Solutions

“Fishing Equipment”: Software Subscription Only
• 90-minutes training for as many staff as you wish
• Ongoing technical support
• HIPAA Security Risk Analysis™ - 2-year subscription, paid annually.
• Ongoing software updates.
• Ongoing Community engagement.

“Fishing Lessons”: Software Subscription Plus Consulting Days
• 90-minutes training for as many staff as you wish
• Ongoing technical support
• HIPAA Security Risk Analysis™ - 2-year subscription, paid annually.
• Ongoing software updates.
• Ongoing Community engagement.
• Per diem professional consulting services to support the risk analysis process. Advice, guidance, review.

“Fishing Charter”: Software Subscription Plus WorkShop™
• 90-minutes training for as many staff as you wish
• Ongoing technical support
• HIPAA Security Risk Analysis™ - 2-year subscription, paid annually.
• Ongoing software updates.
• Ongoing Community engagement.
• Professional consulting services to complete the risk analysis process, end-to-end.
• Risk Analysis Report with Findings, Observations and Recommendations.
• Fully-populated HIPAA Security Risk Analysis™ software application.

(1) Does not Include Travel & Living Expenses
(2) Standard 2-year Agreement; 3-Year term Discount (10%) & Multi-Subscription Discount Available.
(3) Minimum 2-year Commitment
Investment Considerations (1)

HIPAA Security Risk Analysis™
• “Fishing Equipment” (Software Subscription Only): $4,950 annual subscription (2)
• “Fishing Lessons” (Software Subscription Plus Consulting Days): $4,950 per year plus $2,000 per day
• “Fishing Charter” (Software Subscription Plus WorkShop™): $TBD (3), includes SaaS 1st Year Subscription Fee

HIPAA Security Assessment™
• “Fishing Equipment” (Software Subscription Only): $3,950 annual subscription (2)
• “Fishing Lessons” (Software Subscription Plus Consulting Days): $3,950 per year plus $2,000 per day
• “Fishing Charter” (Software Subscription Plus WorkShop™): $21,500, includes SaaS 1st Year Subscription Fee

HIPAA Privacy and Breach Notification Assessment™
• “Fishing Equipment” (Software Subscription Only): $3,950 annual subscription (2)
• “Fishing Lessons” (Software Subscription Plus Consulting Days): $3,950 per year plus $2,000 per day
• “Fishing Charter” (Software Subscription Plus WorkShop™): $21,500, includes SaaS 1st Year Subscription Fee

“Fishing Expedition” (Managed Compliance Services (4), Includes All Software/Templates): Monthly Retainer & Annual Technology Fee
• Engage Virtual Compliance Officer
• Access Complete Team of Experts
• Design & Operationalize Compliance Program
• Address All Three Regulatory “Pillars”
• Adopt Continuous Process Improvement Approach
• Receive Ongoing Maintenance, Updates & Support
• Obtain Full Support in Breaches or OCR Audits / Investigations

(1) Does not Include Travel & Living Expenses
(2) Standard 2-year Agreement; 3-Year term Discount (10%) & Multi-Subscription Discount Available.
(3) In order to provide a complete Risk Analysis quotation, we need to complete an Information Asset Quick Inventory to properly scope the work. Please visit: http://clearwatercompliance.com/2013/06/risk-analysis-information-asset-quick-inventory-video/
(4) Minimum 2-year Commitment
Clearwater Compliance Team

Gary Ridner, Principal Consultant
MBA, CISSP, CISM, CHPS
• 25+ years in Information Systems in a broad range of industries, including healthcare, financial services, education, and manufacturing
• 10+ years specific experience in Information Systems Security
• Former positions include IT consulting, project management, and senior IT leadership roles (VP of Information Systems, VP of Technology, etc.)
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Public Accountant (Inactive)
• MBA from Vanderbilt University with a concentration in Management Information Systems

Greg Bassett, VP, Service Delivery
MS, PMP, CISSP
• 30 years IT experience across a wide range of disciplines and industries, including healthcare, banking & finance, oil & natural gas exploration, pharmaceutical research & development and federal government
• Global Information Security professional for a Fortune 100 company leading compliance with Information Asset Protection Policies across 40 locations worldwide and more than 20,000 staff personnel
• 15 years in healthcare information systems
• Master's degree in Technology Management
• Broad expertise in leading compliance with multiple regulations (HIPAA, SOX, GxP, PCI, SDLC)
• Multiple Professional Certifications (CISSP, PMP)
Mike Neal, Principal Consultant
HCISPP
• 15+ years in Information Technology and Security
• 10+ years in customer-facing consulting roles
• Experienced Project Manager
• Significant experience delivering healthcare security and compliance solutions to a diverse clientele
• Particularly skilled in identifying business needs and mapping them to strategic technology solutions

Wes Morris, Principal Consultant
CHPS, CIPM
• 15+ years in healthcare with specific experience in Mental Health
• 10+ years specific experience in HIPAA Privacy
• Hospital Privacy Officer experience
• Experience as Compliance Team Lead with oversight of 74 U.S. Air Force hospitals
• Certified in Healthcare Privacy and Security (CHPS), and sits on the AHIMA Examination Development Committee for the CHPS certification exam
• Skilled Trainer and Speaker, known for deep understanding of Privacy and Security
Lee Painter, Principal Consultant
CISSP, C|EH
• 15+ years in Information Assurance and Computer Network Defense
• 15+ years training customers on the need to understand and adopt best practices
• Experience as an Information Systems Security Officer for the Dept of Homeland Security
• Passionate Security Professional with a drive to provide not just knowledge but understanding
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (C|EH)

Chris Dansie, Principal Consultant
PhD, CISSP-ISSMP, CHP, MCSE
• Consultant-Clearwater Compliance LLC
• 17+ years in Information Technology
• Internet Entrepreneur | Technologies | Advisor
• Multiple software start-up companies
• 15+ years experience in architecting, developing, securing and operating SaaS and web applications
• Expertise and focus: emerging technology, information security, compliance, engineering, data mining
Jim Vincent, Principal Consultant
MHA, CHPS, CHC
• 25+ years of diversified experience in the health care industry, including delivery of clinical (nursing) care, management of human resources and personnel programs, and health care operations management
• 10 years experience implementing and managing enterprise-wide HIPAA privacy and security compliance programs, and assisting individual covered entities to achieve compliance through SME support and tailored compliance strategies
• Extensive experience investigating allegations of non-compliance/preparing written responses to HHS/OCR inquiries
• Extensive experience assessing, documenting, and responding to potential breaches of protected health information (PHI)
• Seasoned academic instructor and trainer
Bob Chaput, CEO & Founder
MA, CISSP, HCISPP, CIPP/US
• 30+ years in Business, Operations and Technology
• 20+ years in Healthcare
• Executive | Educator | Entrepreneur
• MA, BA - Mathematics
• Global Executive: GE, JNJ, HWAY
• Responsible for largest healthcare datasets in world
• Numerous Technical Certifications (MCSE, MCSA, etc.)
• Expertise and Focus: Healthcare, Financial Services, Retail, Legal
• Member: IAPP, ISC2, HIMSS, ISSA, HCCA, ACHE, AHIMA, NTC, ACP, SIM Chambers, Boards

Mary Chaput, Chief Financial and Compliance Officer
MBA, HCISPP, CIPP/US, CIPM
• 18 years in Health Care
• 13 years as CFO of a public company; 12+ years with GE
• Former EVP, CFO and Compliance Officer for Healthways, Inc.
• Former VP, CFO for ClinTrials Research, Inc.
• Business executive with over 25 years of domestic and international financial management and operational experience
• BA Mathematics, MBA, GE Financial Management Program
• Expertise and Focus: Healthcare, Due Diligence, Analytics, Legal
• Member: Healthways Foundation Board, Women Business Leaders
Jon Stone, VP Product Innovation
MPA, PMP
• 25+ years in Healthcare in the compliance, provider, payer and healthcare quality improvement fields
• Innovator | Strategic Program Manager | Consultant | Executive
• 15+ years of strategic leadership for compliance and Healthcare information technology projects involving sensitive ePHI for companies such as CIGNA, Healthways and OPTUMInsight
• PMP, MPA - Healthcare Policy and Administration
• Business Passion: Driving business and technology solutions for improving healthcare operations and outcomes
• Play Passion: Cycling and Oil Painting

Kathy Ebbert, EVP & Chief Operating Officer
• 30+ Years Executive Leadership Roles in Service Delivery, Operations & Technology
• 13+ Years Healthcare Data Privacy & Security Oversight
• President & CEO at Achieve CCA, Inc.
• Former SVP Business Technology, Healthways
• Former EVP, Operations at Evolved Digital Solutions, Inc.
• Consistent track record of accelerating revenue and improving profits while leading B2B service organizations through critical transformational initiatives
• Steering Committee, Medical Identity Fraud Alliance
• Entrepreneurial, energetic and decisive leader