In the Headlines
August 21, 2025
HIPAA Compliance in the Era of OCR's Risk Analysis Initiative
Healthtech Security
Healthcare and privacy attorney Shannon Hartsfield was quoted in a Healthcare Security article about the U.S. Department of Health and Human Services (HHS) Office for Civil Rights' (OCR) heightened emphasis on Health Insurance Portability and Accountability Act (HIPAA) Security Rule risk analyses, highlighted by a $175,000 settlement and detailed corrective action plan (CAP) with a consulting firm stemming from a ransomware attack. The article underscored that covered entities should treat risk analysis as a priority, using enforcement actions and HHS guidance as roadmaps for strengthening policies, asset inventories and ongoing risk management. Ms. Hartsfield commented on the complexity of this task.
"The exercise of conducting a risk analysis is challenging because it almost requires a crystal ball to predict everything that might go wrong with electronic protected health information," she said.
READ: HIPAA Compliance in the Era of OCR's Risk Analysis Initiative