Why Do HIPAA Risk Analyses Miss the Mark So Often?


Common Weaknesses Healthcare Providers Must Overcome to Avoid Regulators' Wrath

Marianne Kolbasuk McGee (HealthInfoSec) • August 19, 2025

Federal regulators constantly find that many HIPAA-regulated entities conduct sloppy security risk analyses, if they conduct them at all. (Image: Getty Images)

Federal regulators have long pushed HIPAA-regulated organizations to improve their security risk analysis to ensure it's comprehensive, enterprise-wide and timely so they can identify security issues before they become data breaches.

Department of Health and Human Services regulators have decried the poor state of risk analysis in healthcare through awareness campaigns, random audits, breach investigations and heightened enforcement actions including fines and corrective action plans.

So, why do so many organizations struggle with this top HIPAA priority?

According to the experts, many healthcare organizations somehow haven't gotten the message about risk analysis, or they completed ...


Copyright of this story solely belongs to bankinfosecurity.