IRM|405(d) HICP™

Demonstrate your organization’s use of recognized security practices, like 405(d) HICP.

We Can Help

You’ve worked hard to establish recognized security practices of 405(d) HICP. Still, for an OCR investigation, you must also demonstrate that these healthcare cybersecurity practices have been in place for at least 12 months.

IRM|405(d) HICP helps you assess and show your implementation of Recognized Security Practices defined in the 405(d) Health Industry Cyber Security Practices (HICP) Guide by identifying program and process gaps and informing remediation planning.

Run an assessment against the 10 best practices relative to your organization’s size.

Realize the benefits outlined in 405(d) HICP, one of two recognized security practices under Public Law 116-321, an amendment to the HITECH ACT.

IRM|405(d) HICP displays findings in a dynamic dashboard. All assessment documentation is available in a central, secure location and can be used to prepare for an audit or investigation.

By law, the Department of Health and Human Services (HHS) must consider these recognized security practices when making specific determinations in conjunction with an audit or investigation and for other purposes.

Assessment Wizard

Walks the assessor through the process in an easy-to-use interface

Relative Assessments

For small, medium, or large health organizations, as categorized by the HICP Guide

Dynamic Updates to Your Executive Dashboard

Consolidated Findings/Gaps

Easily managed and tracked through remediation steps

Documentation Storage & Prep

Stored in a central, secure location

See the Clearwater Difference

What Our Customers Say

We really enjoyed working with everyone on the Clearwater team and feel that the consulting engagement and IRM|Pro® software solutions have been key foundations for building our ongoing compliance initiative.

Cynthia Bradford Lencioni

Chief Operating Officer, Pulsara

405(d) HICP Assessment

Our 405(d) HICP assessment includes an evaluation and documentation of how your organization is following the sub-practices of all ten cybersecurity practices as relevant for your organization’s size: small, medium or large.

With Us