The Health Insurance Portability and Accountability Act is a lengthy and arguably cumbersome maze of rules and requirements. Because it's your organization's job to stay compliant, it may seem like a daunting task. Of course, your first step is to fully train all employees on both the HIPAA Privacy and the HIPAA Security rules. Beyond that, it's the organization's job to conduct a formal risk analysis and to ensure that the necessary information safeguards are in place. These steps will greatly limit the risk of a breach. And, if a breach occurs, these processes can limit any fines imposed by the Office of Civil Rights- the enforcement arm of the U.S. Department of Health and Human Services, or HHS. In this course, we're going to talk through HHS recommendations regarding risk analysis.