Will Evertsen, Author At GlobalRPH

HIPAA for the Clinician, Part 4, What an OCR Investigation Looks Like

by Will Evertsen - May 20, 2026May 21, 2026 047

HIPAA for the Clinician, Part 4, What an OCR Investigation Looks Like will evertsen Introduction Most covered entities have a vague, uncomfortable sense that an OCR investigation is something to be avoided. Fewer still have a clear picture of what one involves, how it starts,

HIPAA for the Clinician, Part 3 Business Associate Agreements – What They Must Contain and Why Most Don’t

by Will Evertsen - May 20, 2026May 20, 2026 040

HIPAA for the Clinician, Part 3 Business Associate Agreements – What They Must Contain and Why Most Don’t Will evertsen Introduction Your billing company has handled your claims processing for six years. You trust them. They know your payers, your codes, your quirks. When you

What the Change Healthcare Attack Should Have Taught Every Covered Entity

by Will Evertsen - May 19, 2026May 21, 2026 033

What the Change Healthcare Attack Should Have Taught Every Covered Entity will evertsen Introduction On February 21, 2024, Change Healthcare went offline. The ransomware attack that took it down was not subtle. Within hours, claims processing across thousands of practices, hospitals, and pharmacies ground to

HIPAA for the Clinician, Part 2: The Security Risk Analysis You’re Probably Not Doing Correctly

by Will Evertsen - May 6, 2026 0199

HIPAA for the Clinician, Part 2 The Security Risk Analysis You’re Probably Not Doing Correctly Will Evertsen Introduction The questionnaire arrives in your inbox from your EHR vendor. It’s labeled something like “Annual HIPAA Security Assessment” or “Compliance Review Checklist.” You spend twenty minutes clicking

Your Completed Risk Assessment Just Became a Liability

by Will Evertsen - April 27, 2026 064

Your Completed Risk Assessment Just Became a Liability Will Evertsen Introduction A data breach hits your practice. OCR opens an investigation. You pull out your completed Security Risk Analysis, hand it over, and wait for the process to run its course. After all, OCR has

Small Practice, Big Target: Why Solo and Group Practices Are Healthcare’s Most Vulnerable Entities

by Will Evertsen - April 22, 2026April 22, 2026 0447

Small Practice, Big Target: Why Solo and Group Practices Are Healthcare’s Most Vulnerable Entities Will Evertsen Introduction You run a small practice. You see patients, manage a lean staff, keep the lights on, and do your best to stay current on clinical obligations. Cybersecurity, if

HIPAA for the Clinician, Part 1: What You’re Actually Responsible For

by Will Evertsen - April 6, 2026April 6, 2026 0376

HIPAA for the Clinician, Part 1: What You’re Actually Responsible For Abstract This is the first installment of “HIPAA for the Clinician,” a series dedicated to cutting through the noise around healthcare compliance and giving practitioners a clear-eyed view of what the law

Your EHR Is Not Your Compliance Program

General Topics

by Will Evertsen - March 16, 2026March 20, 2026 0992

Your EHR Is Not Your Compliance Program The call to the EHR vendor’s support line goes something like this: A practice administrator has just received an OCR data request letter and is trying to figure out what documentation they need to produce. Somewhere in the conversation, they ask the support rep

Securing Success: How Cybersecurity Practices Drive Improved Patient Outcomes

by Will Evertsen - July 19, 2023July 24, 2023 0913

Securing Success: How Cybersecurity Practices Drive Improved Patient Outcomes When considering patient outcomes, one of the things that probably doesn’t come to mind is cybersecurity. After all, that’s computer stuff, not patient stuff. Or is it? Patient outcomes are a critical measure of the effectiveness of medical interventions and the overall