Business Associates - Size Doesn't Matter!

Episode 69: Know The Rules! Business Associates – Size Doesn’t Matter!

Size Doesn’t Matter

That’s right, folks – your size doesn’t matter when it comes to HIPAA compliance. Under HIPAA, everyone who creates, receives, maintains, stores, and/or transmits protected health information is required by law to comply.

Did You Know?

Business Associates (BAs) were invited to the HIPAA party in February 2013, when the Final Omnibus Rule was introduced; it was finalized in September 2013. Even after two decades, HIPAA compliance remains a challenge for many Covered Entities (CEs) and their BAs alike.

From Then Until Now …

As reported by HIPAA Journal in their August 25, 2017, blog post, “HIPAA Business Associate Compliance”:

“In late 2016 – almost four years after the Final Omnibus Rule was enacted – the California Healthcare Foundation funded research into HIPAA Business Associate compliance. In the compilation of the “Business Associate Compliance with HIPAA” report, researchers conducted telephone interviews with sixteen Covered Entities ranging in size from small physician offices to large integrated health systems.

The researchers focused on the number and size of contracted BAs, the types of services performed by BAs, the “sophistication levels” of BAs, and the Covered Entities’ efforts to conduct due diligence on BAs and oversee HIPAA Business Associate compliance. It is important to note that, in California, BAs may also be covered by the state’s Confidentiality of Medical Information Act (CMIA).”

Not much has changed. A lot of BAs remain unaware of their responsibilities and/or are unsure how to comply with the HIPAA Security requirements in their environment. 


Does this sound like you?

When it comes to the HIPAA Security Rule, does this sound like you:

  • New to healthcare and HIPAA
  • Feeling overwhelmed (by all the information you need to learn and do)
  • Unsure of how or where to start

…and now you need to perform a complete and thorough HIPAA Security Risk Analysis?? What the heck does that mean!?


Remember: Keeping your PHI secured and maintaining HIPAA compliance is YOUR responsibility!





For tips like this and more, request your copy of the “HIPAA Security Rule – Know The Rules!” newsletter today.

