Why do HIPAA’s privacy and security requirements cover some health care  entities and not others? How might an entity not covered by HIPAA pose a  risk to a health care provider or organization? 

In addition to the privacy and security of confidential patient  information, what are some other risks in a health care organization,  both legal and ethical, that arise from using health IS/IT? Provide  examples to support your response.