CalHIPSO, the largest federally-designated Regional Extension Center (REC) in the United States, and ClearDATA, a healthcare cloud services and security vendor, agreed to a partnership late last week. Part of the agreement will entail ClearDATA providing HIPAA-compliant cloud hosting, offsite backup, disaster recovery (DR) and HIPAA privacy and security services to CalHIPSO’s 8,500 providers in 56 counties throughout California.

CalHIPSO is one of 62 federally-designated RECs and a not-for-profit organization founded by the California Primary Care Association (CPCA), the California Medical Association (CMA) and the California Association of Public Hospitals and Health Systems (CAPH). Beyond just HIPAA security services, CalHIPSO made the decision to pair up with ClearDATA because of its other privacy and security offerings, such as DR. “They don’t only provide privacy and security services, they also provide and strengthen hosting applications and disaster recovery,” said Karynsue Rose-Thomas, CalHIPSO Chief of Business Development.

Rose-Thomas also cited ClearDATA’s privacy and security experience. Christopher G. Bowen, CPO (Chief Privacy Officer) and Co-founder, is one of only 2,500 Certified Information Privacy Professionals in the US (CIPP/US) by the International Association of Privacy Professionals, and one of only 621 CIPPs with the IT certification. And ClearDATA has worked with the Office of the National Coordinator for Health Information Technology (ONC) Privacy and Security work group at various points. This type of experience is invaluable when a government entity such as the Centers for Medicare and Medicaid Services (CMS) or the Department of Health and Human Services (HHS) visits a provider and audits their security policies and capabilities.

“We wanted to ensure that when we were looking at someone to partner with, their application was definitely going to meet any sort of audit presented to that provider,” explained Rose-Thomas.
For example, a provider may not have a policy for signing a confidentiality waiver and asks CalHIPSO what that would look like. The REC would help them with how to get that policy initiated and detailing the ins and outs of following the policy. Also, in working on a security risk analysis (SRA) with a provider, CalHIPSO and ClearDATA would be providing remediation that would be exclusive to them, based on size and need. “The first gap analysis that we do for the SRA really sets us up to share with them what they need to meet the CMS audit standards,” said Rose-Thomas.