HIPAA Compliance and the Limits of Gap Analyses | Practical Law
The Department of Health and Human Services (HHS) has addressed the differences between risk analyses and gap analyses for covered entities and business associates complying with the security requirements for electronic protected health information (ePHI) under the Health Insurance Portability and Accountability Act (HIPAA). This Article discusses the limits of gap analyses in the HIPAA context and key characteristics of a HIPAA risk analysis.