Clearwater

Business Associate to Business Associate: Selecting an Information Security and Privacy Framework

by Henry Sprafkin | Jun 7, 2021 | Blog

The first two installments in this series focused on risk management and risk-based control selection. While not a requirement, it is best to build the security control library based on an established control framework. There are over 200 different risk management,...

The Realities and Legalities of Risk Analysis and Risk Management in Healthcare

by Jon Moore | May 17, 2021 | Blog

Under the HIPAA Security Rule, covered entities and business associates are required to perform risk analysis on all systems that create, receive, maintain, or transmit electronic protected health information. In 2010, the Office for Civil Rights (OCR) published...

Penetration Testers Offer Real-World Advice About Threats, Securing Your Healthcare Organization

by Chris Dowhan, OSCP, GREM, GWAPT | May 11, 2021 | Blog

Today’s modern threat landscape is constantly evolving. Determined, opportunistic, and well-resourced threat actors continue to develop tools, tactics and techniques aimed at gaining access to systems, stealing data, and/or installing ransomware. And...

Business Associate to Business Associate: A CISO’s Perspective on Applying Controls to Identified Risks

by Henry Sprafkin | Apr 21, 2021 | Blog

In my first blog in this series, I focused on how Business Associates can ensure the data they interact with on behalf of customers remains secure and confidential. I shared thoughts on the importance of risk analysis and how to focus resources on the most impactful...

HR 7898: More Incentive for Healthcare Entities to Adopt Cybersecurity Best Practices

by Jon Moore | Apr 6, 2021 | Blog

Signed into law by former President Trump on January 5 of this year, HR 7898 is an amendment or provision to the Health Information Technology for Economic and Clinical Health Act (HITECH Act). This new law requires the U.S. Department of Health and Human Services...

©2025 Clearwater Security & Compliance LLC