The 5 Stages of HIPAA Business Associate Grief

Since the release of the HIPAA Final Omnibus Rule in January of this year, HIPAA Business Associates around the US have been scrambling to figure out what it means for their business, their processes and their future. The overall effect of the new rules will be big, and BAs have been progressing through the normal stages of grief.


We have seen a lot of writing out there from organizations that seem to be in denial that they now have added responsibilities under the new provisions. The attitude seems to be, compliance isn’t a problem until I have a breach or I get audited.

What’s HIPPA? Oh no, I’m not a Business Associate, I’m just a subcontractor.  I just transfer PHI, I don’t actually use it!  Don’t worry, my BAC resolves me of all responsibilities.


Just read some of the comments on the recent news articles outlining the changes and you will see the anger. Or you can hang out in one of the many new HIPAA for Business Associates LinkedIn groups.

This is outrageous! I have to read all 500+ pages of this new rule?  Do they make a books-on-tape version? 


Beware of the snake oil salesman! Since the passage of the Final Rule, the healthcare consulting world has exploded with “experts” offering “HIPAA compliance” in a box: a quick, one-stop solution for your compliance needs. The reality? A HIPAA compliance program must be approached holistically and specifically shaped to meet the individual needs of an organization. True compliance is an ongoing effort, not a one-day fix.

I will just take this online class, run this software program and become HIPAA compliant. It even comes with a printable certificate of compliance!


We actually can’t talk about which Business Associates have shown signs of depression, because you know… HIPAA.


The 5th and final stage has finally arrived for most Business Associates and there is good news.  If you were doing the right things around privacy, security and breach notification prior to the new rules and had a good relationship upstream with your CE you should be in good shape.  Even if you are new to the rule changes, there are a lot of great resources out there to get you started.  Take a step back and breathe…  now create a game plan and ask the experts.

About Data Breach Watch Administrator
