So often I hear people complaining about HIPAA in that it needs to be upgraded, modified, etc…and then when I am privy to what BAAs are doing to comply with HIPAA I see most of this comes from folks that don’t comply with HIPAA and are looking for some type of “sounds good” reason to move to a HIPAA 2.0.

In my view, with respect Business Associates (BAs) and HIPAA…which first people out there need to stop telling BAs that they need to comply with all of HIPAA…the Security Rules represent what is often present in most well run IT shops.

It’s that simple and basic. Now are there people that may find or use the idea that HIPAA is overly complex and burdensome for some other means? Of course…I hear it on webs and read it on blogs every day.