405(d) HICP Assessment

Demonstrate that federally recognized cybersecurity practices are in place, helping protect your organization from attack.

The Best Way to Assess and Demonstrate 405(d) HICP Adoption

 Adopting a recognized security framework, like 405(d) HICP, is no small task but doing so positions your organization favorably in the case of an Office for Civil Rights inquiry or investigation as well as questions from investors, cyber insurers, and other interested third parties. Most importantly, it drives better protection of your systems and data.

Still, it isn’t enough to put the framework in place; you need to have a way to identify gaps between your current adoption and the specifications of the framework. You also need a way to organize, document, and report on your progress. The Clearwater team can help. Our 405(d) HICP assessment includes an evaluation and documentation of how the organization is following the sub-practices of all ten cybersecurity practices as relevant for your organization’s size: small, medium or large so you can bridge any gaps and have easy reporting when you need it.

Protect your organization and position it for cybersecurity success.

405(d) HICP is among the recognized security practices of covered entities and business associates when determining fines and penalties related to a breach of protected health information.

This means that by demonstrating that recognized security practices have been in place for at least 12 months, healthcare organizations can position themselves to reduce fines and penalties, shorten or terminate audits, and mitigate remedies that would otherwise be involved in resolving potential violations of the HIPAA Security Rule.

The top-rated Security Advisors and Consultants by Black Book Research and powered by our IRM|405(d) HICP™ software, we’ll help you evaluate your organization’s performance relative to 405(d) HICP and identify gaps that put the organization at risk.

Assessment Components


Documentation requests, provision the IRM|405(d) HICP™ software subscription, and prepare the workforce for interviews


Deliver a Comprehensive Findings, Observations, and Recommendations (FOR) Report providing additional insights and specific actions that can be taken to strengthen your practice of HICP.


Facilitate interviews and discussion, collaborate with your organization’s subject matter experts and document findings in IRM|405(d) HICP.


Final reporting and a board-level presentation of findings, observations, and recommendations

Featured Experts

Our experts leverage decades of experience to support your organization’s unique cybersecurity and compliance strategy.

SME Highlight


Jon Stone is the Senior Vice President and Chief Product Officer for Clearwater. In this role, he leads product innovation […]

Read More

SME Highlight

Lori Hessey

Lori Hessey is the Director of Customer Success at Clearwater, bringing Clearwater customers over 18 years of experience in customer […]

Read More

Why Clearwater?

Drawn from different disciplines, our 405(d) HICP consultants are some of the best in the field.

We understand the highly complex regulatory landscape and have the skills and expertise to navigate your team through it to ensure long-term compliance.


Want to Know More?

Contact Us


Clearwater helps hospitals and health systems approach their cyber risk management programs with purpose and confidence through our ClearConfidence managed services program. ClearConfidence provides you with a dedicated team of cyber risk management experts you can trust to help you identify, prioritize, and manage cyber risk across your enterprise on a continuing basis.

We lay the foundation for best practices and help you maintain them while ensuring the right investments for minimizing cyber security risk.

Featured Resources

With Us