RiskWatch for HIPAA Compliance™ is the top-rated total HIPAA compliance software that meets the risk analysis requirement and also does a TOTAL HIPAA COMPLIANCE ASSESSMENT! Use it on your laptop, desktop, server or over the web. RiskWatch for HIPAA Compliance™ includes the entire HIPAA standard and NIST 800-66 and questions are separated by role including Medical Records, Clinical Staff, Database Administrator, etc. RiskWatch worked with regulators and auditors to make sure your RiskWatch for HIPAA Compliance™ assessment will stand up to the strictest audit. It also includes a Project Plan (in MS Project and Excel) so you can plan every aspect of your project. RiskWatch for HIPAA Compliance™ writes all the reports for you automatically -- including charts, graphs and detailed information. The Case Summary Report includes Compliance vs. Non-Compliance graphs, where the non-compliance came from, how compliance matches requirements, and answers mapped by individual name or job category. The report can be edited to add photos, network diagrams, etc. RiskWatch for HIPAA Compliance™produces many other reports, including recommendations for improving your compliance profile. It also provides recommendations for risk mitigation and shows potential solutions by Return On Investment. Most importantly -- RiskWatch for HIPAA Compliance™ creates management level reports with complete audit trails and easy to understand recommended mitigation solutions included, and ranked by Return On Investment. Data can also be ported directly in your Business Continuity and Disaster Recovery plans. Now also Includes Pandemic Flu Assessment! Consistently rated as the best software for HIPAA compliance, RiskWatch for HIPAA Compliance™ is used by hundreds of hospitals, health plans, insurance companies, academic medical centers and consulting organizations to meet HIPAA requirements. RiskWatch users include University of Miami, Sparrow Hospital, BlueShield of California, University of New Mexico, University of West Virginia, Harvard Pilgrim, Sisters of Mercy and St. John\'s Hospital.

1. Software for HIPAA Compliance and Enterprise Risk Analysis R ISK W ATCH ®

2. Tally of improperly accessed UCLA patient records tops 1,000 The number of patients whose hospital records were improperly accessed by employees at the UCLA Hospital System has topped 1,000, state officials said Wednesday. Kathleen Billingsley, director of the California Department of Public Health’s Center for Healthcare Quality, said the records of 1,041 patients have been breached, up from 939 in the state’s last report in August. The total number of UCLA workers who have been disciplined for breaching patient records now stands at 165, up from 127 since August.

12. Data Aggregation & Analysis Patient Info. Software Automatically Analyzes Over 3 Million Linking Relationships Risk = Asset  Loss  Threat  Vulnerability Loss Delays & Denials Fines Disclosure Modification Direct Loss Asset Applications Database Financial Data Hardware System Software Threat Disclosure Hackers Fraud Viruses Network Attack Loss of Data Embezzlement Vulnerability Acceptable Use Disaster Recovery Authentication Network Controls No Security Plan Accountability Privacy Access Control Fines Disclosure Modification Fraud Loss of Data Acceptable Use Authentication Privacy Access Control

13. RISKWATCH ® Risk Assessment Process Automated Survey Management Process Management Data Aggregation & Analysis Content (Rules & Data) Risk Analysis Customization Reporting Respondents Analyst

14. RiskWatch Clients

18. Progress at a Glance – Tracks the Case

19. ELEMENTS OF A METRICS-BASED RISK ASSESSMENT APPROACH ASSETS THREATS VULNERABILITIES LOSSES SAFEGUARDS

21. Use Inventory Information or Asset Configuration Tool based on Standard Capital Expenditures Allocation Tables

23. THREAT TABLE IS FULLY CUSTOMIZABLE BY THE USER BASED ON INCIDENT DATA OR PEN TEST DATA

24. INCLUDES ALL RELEVANT VULNERABILITY AREAS

26. Each question uses actual security regulations as control standards and is linked to appropriate Functional Areas

27. Respondents Can Answer Questions over the Web with full ASP functionality

29. INCLUDES ALL RELEVANT IT CONTROL CATEGORIES

30. EACH POTENTIAL SAFEGUARD INCLUDES DEFAULT VALUES FOR COST, MAINTENANCE AND LIFE CYCLE

32. The Case Summary Report Is Pre-Written for Management

33. EASY TO UNDERSTAND GRAPHS ILLUSTRATE OVERALL COMPLIANCE VS. NON-COMPLIANCE

34. Vulnerability Distribution Report Shows the Weak Compliance by Requirement

35. Track Compliance by Individual 26 % - Computer Security Manager 27 % - ISO Compliance Officer 12 % - CTO 11 % - Finance 10 % - Security Engineer 6 % - Systems Administration 3 % - CTO 3 % - CEO 1 % - Remaining (Other)

36. Vulnerability reports include complete audit trails and powerful analysis tools

37. SAFEGUARD REPORT -- RECOMMENDED CONTROLS BY RETURN ON INVESTMENT

38. Demonstrates Overlapping Layers of Protection by Implementing Top 20 Controls

40. RiskWatch, Inc. [email_address] Caroline Hamilton 410-224-4773 x105 www.riskwatch.com