CMS Would Drop Security Risk Analysis from Interoperability Score


David Gacioch and Edward Zacharias said that an inadequate risk analysis is one of the most commonly alleged HIPAA violations. “I don’t think there has been enough education around what constitutes a compliant risk analysis from the government’s perspective,” Mr. Zacharias said. “Some of the guidance has been confusing.”