The regulatory landscape in healthcare has become increasingly complex, and the culture has shifted from one of compliance to one of enforcement. With the HIPAA Omnibus Final Rule, hospitals face new obligations regarding business associate agreements and Protected Health Information (PHI). Hospitals, business associates, and their subcontractors face severe penalties for breaches, including financial, criminal, and reputational. Thus it is essential that organizations have the proper technology and procedures in place to ensure that sharing information with Business Associates doesn’t put PHI at risk. However, many healthcare organizations have yet to comply.