The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.
Failure to conduct a risk assessment has been a weakness repeatedly identified in HHS breach investigations involving organizations of all sizes, including in the recent $16 million HIPAA settlement with Anthem (see Anthem Mega Breach: Record $16 Million HIPAA Settlement).
David Finn’s comments are featured in this article.
![Marti Arvin, Adam Greene and Joan Podleski on COVID-19 Disclosure Issues [Podcast]](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fcontent.cdntwrk.com%2Ffiles%2FaHViPTcyNjQ5JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVlZDkyYTU4ZDNhMjIucG5nJnZlcnNpb249MDAwMCZzaWc9NWI2OTBlZTMyZWM2NzFjMDY1NWYzNDFkMzAxMGZmYTg%25253D&size=1&version=1591290549&sig=44969a78dea6445fdec0f0af9721b183&default=hubs%2Ftilebg-blogs.jpg)
