Idaho Health Care Provider Fined for Lack of HIPAA Risk Assessment By Ana C. Shields on January 4, 2013 Posted in Privacy Our colleague at the Workplace Privacy Blog has reported that a health care provider in Idaho (a HIPAA-covered entity) was fined for not conducting a required risk assessment. For details, click here.