Security Risk Analysis Archives

HIPAA for the Clinician, Part 4, What an OCR Investigation Looks Like

by Will Evertsen - May 20, 2026May 21, 2026 044

HIPAA for the Clinician, Part 4, What an OCR Investigation Looks Like will evertsen Introduction Most covered entities have a vague, uncomfortable sense that an OCR investigation is something to be avoided. Fewer still have a clear picture of what one involves, how it starts,

What the Change Healthcare Attack Should Have Taught Every Covered Entity

by Will Evertsen - May 19, 2026May 21, 2026 030

What the Change Healthcare Attack Should Have Taught Every Covered Entity will evertsen Introduction On February 21, 2024, Change Healthcare went offline. The ransomware attack that took it down was not subtle. Within hours, claims processing across thousands of practices, hospitals, and pharmacies ground to

Your Completed Risk Assessment Just Became a Liability

by Will Evertsen - April 27, 2026 062

Your Completed Risk Assessment Just Became a Liability Will Evertsen Introduction A data breach hits your practice. OCR opens an investigation. You pull out your completed Security Risk Analysis, hand it over, and wait for the process to run its course. After all, OCR has

HIPAA for the Clinician, Part 1: What You’re Actually Responsible For

by Will Evertsen - April 6, 2026April 6, 2026 0373

HIPAA for the Clinician, Part 1: What You’re Actually Responsible For Abstract This is the first installment of “HIPAA for the Clinician,” a series dedicated to cutting through the noise around healthcare compliance and giving practitioners a clear-eyed view of what the law