Nicklaus Children’s Hospital

Ensuring compliance with HIPAA-HITECH Security Rule requirements, and preparing to readily and comprehensively satisfy OIG requests in an upcoming audit.

“Nicklaus Children’s initially engaged Clearwater to complete important HIPAA Security Rule compliance and risk analysis work in 2012. Their team exceeded our expectations and, as validation of our confidence in them, we engaged them again in 2014 to complete that work again, as required in the regulations. Consummate professionals with exceptional customer service.”

- Jose Perdomo, MHSA; JD
Chief Ethics and Compliance Officer


“It [the audit] went really well! The auditors were very complimentary and impressed.... The PowerPoint really helped us to answer questions before they were asked. On behalf of the Nicklaus Children’s team, I would like to take this opportunity to thank you for all your assistance and guidance. Your input really helped us to successfully culminate this process.”

- Angelica Hoyos
IT Business Development Analyst


At a Glance:

  • Nicklaus Children’s Hospital (NCH), part of the Miami Children’s Health System, is a world leader in pediatric healthcare. With a medical staff of more than 650 physicians and over 3,500 employees, the hospital is renowned for excellence in all aspects of pediatric medical care from birth through adolescence offering more than 40 pediatric specialties and subspecialties.
  • As a recipient of Florida’s Medicaid Incentive Payments for Electronic Health Records and as part of the Adopting, Implementing or Upgrading (AIU) Incentive Program, Nicklaus Children’s is subject to OIG audits to demonstrate meaningful use of certified technologies.


  • To ensure compliance with HIPAA-HITECH Security Rule requirements
  • To readily and comprehensively satisfy OIG requests in an upcoming audit

Clearwater Compliance Solutions:

  • Utilizing Clearwater HIPAA Security Assessment Software, conducted a HIPAA Security Rule WorkShop, assessed Nicklaus Children’s compliance with HIPAA Security Rule
  • Utilizing Clearwater Information Risk Analysis Software, identified and assessed risks to Nicklaus Children’s assets to meet HIPAA Security and Meaningful (MU) requirements
  • Utilizing Clearwater audit experience and expertise and to describe the security work completed, prepared responses and presentations for upcoming OIG audit




  • Completed a rigorous compliance assessment as required by the HIPAA Security Rule regulation for a Security Evaluation (45 C.F.R. § 164.308(a)(8))
  • Established a compliance baseline score; identified and prioritized compliance remediation activities
  • Completed a bona fide risk analysis as required by the HIPAA Security Rule Requirement (45 C.F.R. § 164.308(a)(1)(ii)(A)) and MU Stage I and II requirements
  • Identified high-risk exposures and prioritized mitigation activities to reduce those exposures
  • No adverse findings or remediation requirements resulting from OIG Audit