b'Too many healthcare organizations conduct a HIPAA compliance assessment instead of a comprehensive risk analysis, says security specialist Dave Newell, who also points out other common mistakes.'