Brush up on the basics of risk analysis and risk management with the latest installment (pdf file) of CMS' HIPAA Security Series.
Seven papers are planned, with the final paper to address
implementation for the small provider. Here are the topics of the
previous Security Series papers:

1. Security 101 for Covered Entities
2. Security Standards - Administrative Safeguards
3. Security Standards - Physical Safeguards
4. Security Standards - Technical Safeguards
5. Security Standards - Organizational, Policies and Procedures and Documentation Requirements
6. Basics of Risk Analysis and Risk Management
7. Implementation for the Small Provider

A HIMSS study (press release) done this summer showed that many providers are blowing off Security Rules compliance. More here.

[Hat tip: Health Data Management]

UPDATE: And speaking of risks, here's a nice story on one hospital's struggle and eventual solution for spyware.