Resource:

SHIELDS for Families

Learn how SHIELDS for Families successfully identified existing security and compliance gaps and prioritized a remediation plan.


“As a non-profit working with an under served population, we needed to find expert resources to respond quickly and effectively to the data requests and questions from OCR following the theft of a server. With Clearwater’s help, our response was timely, accurate and compelling. Bottom Line: No fines were assessed.”

-Chris Igonia-Mock, JD
Policy Analyst/HIPAA Compliance Officer


 

“Clearwater helped us fine-tune our policies and procedures, and to conduct a risk analysis to ensure other vulnerabilities would not easily be exploited.”

- Patrick Coffin
IT Director


 

At a Glance:

  • Incorporated in 1991, SHIELDS for Families is a community-based, non-profit 501(c)(3) organization serving families residing in South Los Angeles.
  • SHIELDS currently employs over 380 full-time employees with an annual budget of over $28 million to serve 10,000 families annually in 39 programs.
  • Reported a breach to OCR and six months later received an information request list.

Challenges:

  • To respond to a detailed information request list from OCR regarding a breach
  • To establish and declare the organization as a hybrid entity
  • To identify any other security or compliance gaps that exist and prioritize a remediation plan

Clearwater Compliance Solutions:

  • Developed content and organized information to reply to OCR’s requests through research and interviews
  • Completed HIPAA risk analysis using Clearwater’s IRM|Analysis™ software
  • Cross walked Policies and Procedures to the HIPAA regulations and provided recommendations and templates to strengthen
  • Examined organizational structure and programs to define hybrid and HIPAA/ non-HIPAA components

 

RESULTS AND VALUE CREATED:

 

  • No fines, penalties or corrective action plans were assessed by OCR for the breach
  • Met the Security Rule requirement to conduct a comprehensive risk analysis and strengthened SHIELDS security program
  • Established the organization as a hybrid and identified the HIPAA Healthcare Components
  • Strengthened SHIELDS’ compliance program through updated policies and procedures, including incident response