HIPAA Security Rule Risk Analysis Remains Source of Confusion


David Gacioch and Edward Zacharias explain that widespread confusion in the healthcare industry continues to persist about OCR risk analysis requirements under the HIPAA Security Rule. “I don’t think there has been enough education around what constitutes a compliant risk analysis from the government’s perspective. Some of the guidance has been confusing,” Zacharias said.