"The HIPAA regulations as compared to most other security regulations demand the basic foundational requirement of implementing a security program," says Chaput. Basing their solutions around a four-step risk management methodology, Clearwater Compliance has embraced the National Institute of Standards and Technology (NIST) security framework. After gauging a client’s risk appetite, Clearwater Compliance designs an overall risk strategy, followed by a methodical process conducted on the client’s unique assets to gain a clear and comprehensive understanding of assets, threats and vulnerabilities. The outcome of which is called the risk register, which is an enumeration of the client’s most-to-least serious risks. On the basis of the risk register, a risk response plan is devised where the client takes an informed decision on how they want to tackle each risk by accepting, avoiding, mitigating and/or transferring it. Finally, the efficacy of the controls put in place are monitored and validated to create a baseline and ongoing dashboard of success.
In addition, a large part of Clearwater Compliance’s approach is grounded in educating organizations on data protection through a series of complimentary webinars, workshops, Blue Ribbon Panel forums and BootCamp events.
In one instance, as part of the HITECH Act, a large metropolitan children’s hospital was provided incentives to implement an electronic health records system. The organization was striving to identify any compliance and security gaps and at the same time complete the risk analysis to successfully develop a remediation plan. After completing the Clearwater HIPAA security assessment process and the Clearwater HIPAA risk analysis process, Clearwater Compliance supported them through a federal government audit, and redeveloped remediation plans. With Clearwater’s help, the client received their incentive money and improved the security posture of the organization. "We execute every single project with a goal of exceeding customer expectations,” says Chaput.
By employing a risk management strategy, Clearwater Compliance’s tools largely help organizations establish, implement, and mature their security program
Steering his company with a sense of humility, Chaput considers this integrity approach a driving factor behind Clearwater’s success. The company plans on improving the agility of their solutions, scaling into larger enterprises. Going ahead, Clearwater Compliance will also continue to offer scalable enterprise-class SaaS platforms.