As a start-up tech company, you’ve likely poured hundreds of hours into the development and testing of a marketable product, and have pitched your idea to countless investor groups and prospective customers. After your product is launched and customers are being signed up, a whole new set of concerns will present themselves. For start-ups targeting customers in the healthcare industry, these concerns will likely include the adoption of critical compliance and risk mitigation protocols mandated by HIPAA for the so-called “Business Associates” of “Covered Entities.”

In the wake of an historic, multi-state lawsuit filed against a “Business Associate” earlier this month, it is imperative that companies with business associate agreements (BAA) in place with health care/plan customers review internal data security policies and procedures to ensure they are in compliance with their obligations arising under HIPAA, state privacy laws and the BAAs.