The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.
Failure to conduct a risk assessment has been a weakness repeatedly identified in HHS breach investigations involving organizations of all sizes, including in the recent $16 million HIPAA settlement with Anthem (see Anthem Mega Breach: Record $16 Million HIPAA Settlement).
David Finn’s comments are featured in this article.