I don’t usually comment on these posts, but as a HIPAA compliance practitioner working with covered entities (also business associates) I have to take a contrarian view of HIPAA compliance efforts by providers. HIPAA is mostly a “check the box” type of compliance effort, as opposed to building a “culture of compliance.” Most compliance efforts stop at the technology barrier. For business associates, the compliance dynamic is even worse. While the larger BAs do generally comply, because their focus is generally on the technology, midsized and smaller BAs in most cases know the CE will take at face value that the BA is compliant. But there is a reason about 30% (by number) of all breaches are caused by BAs.