Former Office for Civil Rights Director Roger Severino To Discuss Why Healthcare Organizations Fail to Meet their HIPAA Security Obligations

OCR’s Longest Tenured Leader Joins Clearwater Executive Chairman
Bob Chaput for a Special Web Event on September 30

NASHVILLE, TN (September 2, 2021) – Clearwater is honored to announce that Roger Severino, the longest tenured Director in the history of the Department of Health and Human Services’ Office for Civil Rights (OCR) and now a Senior Fellow at the Ethics and Public Policy Center, will join company Founder and Executive Chairman Bob Chaput for a special web event focused on the healthcare industry’s continuing challenges with meeting risk analysis and risk management requirements defined in the HIPAA Security Rule.

OCR issued “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” in July 2010. Yet, healthcare entities struggle to perform this foundational compliance requirement, critical cyber risk management step and socially responsible action. Phase I and II HIPAA audits and more than 100 OCR enforcement actions continue to show that nearly 90% of healthcare organizations failed to meet the HIPAA Risk Analysis requirement and 80% of these organizations have failed to meet the HIPAA Risk Management requirement.

In statements throughout his tenure as OCR Director, Mr. Severino was repeatedly critical of organizations for not performing a risk analysis or taking action to mitigate identified risks. He commented late last year that not implementing HIPAA basics continues to be an “unacceptable and disturbing trend” in healthcare.

During the web event upcoming on September 30, Mr. Severino and Mr. Chaput will discuss the root causes of OCR’s adverse findings and what OCR expects in HIPAA risk analysis and risk management plans.

“While we will be discussing risk analysis and risk management in the context of the HIPAA Security Rule, their importance goes far beyond meeting regulatory requirements,” Mr. Chaput said. “OCR has understood for some time, and Mr. Severino rightfully emphasized during his tenure leading the Office, that enterprise-wide risk analysis and risk management are fundamental to an effective cybersecurity program. With cyberattacks disrupting the healthcare industry at an alarming rate and threatening the safe and effective delivery of care, there has never been a more important time for this discussion. We greatly appreciate the former Director joining us to share his insight and perspective on the subject.”

“HIPAA Security Rule compliance has only become more important over time, yet healthcare providers have not kept up,” Mr. Severino said. “I look forward to sharing with Bob our combined wisdom on what can be done to address this pressing problem.”

To learn more and register for this free web event, visit or contact Clearwater at


Clearwater is the leading provider of cybersecurity, risk management, and HIPAA compliance software, consulting, and managed services for the healthcare industry. Our solutions enable organizations to avoid preventable breaches, protect patients and their data, meet regulatory requirements, and optimize cybersecurity investments. More than 400 healthcare organizations, including 70 of the nation’s largest health systems and a large universe of physician groups and digital health companies, trust Clearwater to meet their cybersecurity and compliance needs. For more information about Clearwater, please visit

Mr. Severino currently directs the HHS Accountability Project at the Ethics and Public Policy Center.




Sign up to receive our monthly newsletter featuring resources curated specifically to your concerns.

Related Blogs

With Us