Our colleague at the Workplace Privacy Blog has reported that a health care provider in Idaho (a HIPAA-covered entity) was fined for not conducting a required risk assessment. For details, click here.