Clearwater HIPAA Security Risk Analysis Self-Review™

Your Information

Please complete the form below before we get started! Note: an asterisk (*) indicates that a response is required. 

This Clearwater HIPAA Security Risk Analysis Self-Review was developed based on: 1) Our clients having completed/presented comprehensive risk analyses that have met/exceeded OCR requirements; 2) Our deep, expert understanding of OCR risk analysis guidance; and 3) Our deep, expert understanding and practical application of NIST SP 800-30, upon which the OCR risk analysis guidance is based.

Immediately upon completion of this self-review, you will receive:

  • Your Risk Analysis Self-Review score, presented on a scale from 0 (Failed) to 5 (Successful) and rounded down to make it conservative.
  • A PDF report, via email, showing your responses and any comments/notes you have made as you completed the self-review.
  • Access to information that may further assist you in completing a HIPAA Security Risk Analysis.

For each Risk Analysis Essential Criterion, rate the extent to which your organization is adopting, implementing or achieving that criterion by indicating a response on a six-point rating scale to each underlying question:

  • Not adopted, implemented or achieved (0% or Failed!)
  • Minimally adopted, implemented or achieved (20%)
  • Partially adopted, implemented or achieved (40%)
  • Largely adopted, implemented or achieved (60%)
  • Almost fully adopted, implemented or achieved (80%)
  • Fully adopted, implemented or achieved (100% or Success!)

Using the results from this web-based evaluation tool, you are able to determine a score for each of the ten Risk Analysis Essential Criteria, and an overall Clearwater HIPAA Security Risk Analysis Self-Review score vis-a-vis these criteria.

The ten Risk Analysis Essential Criteria that are assessed are derived from:

  1. The Risk Analysis implementation specification language at 45 CFR §164.308(a)(1)(ii)(A) of the HIPAA Security Rule;
  2. The methodology outlined in the HHS/OCR Guidance on Risk Analysis Requirements under the HIPAA Security Rule;
  3. The underlying NIST Special Publications for performing a risk assessment and, specifically, NIST SP 800-30 “Guide for Conducting Risk Assessments”;
  4. The documentation found in OCR investigation letters and "OCR Resolution Agreements / Corrective Action Plans";
  5. The "OCR Audit Protocol – Updated April 2018" specific to Risk Analysis and Risk Management; and
  6. Our work with numerous organizations subjected to OCR enforcement actions that included reviews of organizations' risk analyses.