Clearwater HIPAA Security Risk Analysis Self-Review™

Your Information

Please complete the form below before we get started! Note: an asterisk (*) indicates that a response is required.

First Name *This question is required.

Last Name *This question is required.

Organization *This question is required.

Business Email *This question is required.

Title *This question is required.

Phone

This Clearwater HIPAA Security Risk Analysis Self-Review™ was developed based on: 1) Our clients having completed/presented comprehensive risk analyses that have met/exceeded OCR requirements; 2) Our deep, expert understanding of OCR risk analysis guidance; and, 3) Our deep, expert understanding and practical application of NIST SP800-30 upon which the OCR risk analysis guidance is based.

Immediately upon completion of this self-review, you will receive:

Your Risk Analysis Self-Review score, presented on a scale from 0 (Failed) to 5 (Successful) and rounded-down to make it conservative.
A PDF report, via email, showing your responses and any comments/notes you have made as you completed the self-review.
Access to information that may further assist you in completing a HIPAA Security Risk Analysis.

For each Risk Analysis Essential Criteria, rate the extent to which your organization is adopting, implementing or achieving that criteria by indicating a response on a six-point rating scale to each underlying question:

Not adopted, implemented or achieved (0% or Failed!)
Minimally adopted, implemented or achieved (20%)
Partially adopted, implemented or achieved (40%)
Largely adopted, implemented or achieved (60%)
Almost fully adopted, implemented or achieved (80%)
Fully adopted, implemented or achieved (100% or Success!)

Using the results from this web-based evaluation tool, you are able to determine a score for each of the ten Risk Analysis Essential Criteria, and an overall Clearwater HIPAA Security Risk Analysis Self-Review score vis-a-vis these criteria.

The ten Risk Analysis Essential Criteria that are assessed are derived from:

The Risk Analysis implementation specification language at 45 CFR §164.308(a)(1)(ii)(A) of the HIPAA Security Rule;
The methodology outlined in the HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”;
The underlying NIST Special Publications for performing a risk assessment and, specifically NIST SP 800-30 “Guide for Conducting Risk Assessments”;
the documentation found in OCR investigation letters and "OCR Resolution Agreements / Corrective Action Plans".
The "OCR Audit Protocol – Updated April 2018" specific to Risk Analysis and Risk Management.
Our work with numerous organizations subjected to OCR enforcement actions that included reviews of organizations' risk analyses.