Phoenix Health Plan Improves Patient Safety and Quality of Care by Protecting Patient Information

Find out how Phoenix Health Plan strengthened its HIPAA compliance program - helping it safeguard protected health information and improve patient safety.

At a Glance:

  • Phoenix Health Plan was originally launched in 2006 and is an Arizonabased company providing medical, hospital and prescription drug coverage to Arizona Medicare and Medicaid beneficiaries.
  • As an Arizona Health Care Cost Containment System (AHCCCS) contractor, PHP is required to engage an independent 3rd party firm to perform a HIPAA Security Rule compliance audit on an annual basis.


  • To identify immediate remediation for any compliance issues to meet the Arizona Health Care Cost Containment System (AHCCCS) requirements and to comply with the HIPAA Security Rule.
  • To determine if reasonable and appropriate policies and procedures are implemented to safeguard sensitive health information in accordance with HIPAA-HITECH and the Omnibus Final Rules.

Joint PHP and Clearwater Compliance Actions:

  • Assessed organization’s compliance with HIPAA Security, Privacy & Breach Notification Rule as well as compliance to the AHCCCS Standards.
  • Completed HIPAA Security, Privacy & Breach Notification Assessment.
  • Updated program to meet the Omnibus Final Rules.
  • Successfully Completed HIPAA Security Re-Assessment and AHCCCS Security Rule Compliance Checklist on time and within budget.


  • PHP met the requirements of AHCCCS Security Rule Compliance Policy #108 and HIPAA Security Evaluation (45 CFR § 164.308(a)(8));
  • Completed a rigorous compliance assessment vis-à-vis HIPAA Security Rule,
  • Established a baseline score and populated Clearwater’s IRM|Security™ software tool with current compliance status that will enable ongoing compliance management;
  • Clearwater provided independent, objective 3rd party input and recommendations; and,
  • Additionally, although not required by AHCCCS, by conducting the Privacy & Breach Notification assessments, PHP strengthened its overall HIPAAHITECH compliance program.


“When we became aware of the AHCCCS 3rd party HIPAA Security Rule audit requirement, we knew immediately that we should contact Clearwater. The Clearwater team had previously assisted a large number of Tenet-owned providers with privacy, security, compliance and information risk management matters. Even though the specific AHCCCS requirements only included an audit of HIPAA Security Rule compliance, knowing the rigor of their work, we chose to have Clearwater audit our HIPAA Privacy and HITECH Breach Notification compliance at the same time. We gained exceptional peace of mind as the result of their work.”

- Lisa Getzfrid, Enterprise Vice President, Conifer Health Systems, A Tenet Company