While reviewing the 2013 changes to HIPAA, we came upon this interesting bit of economic impact analysis early in the document. A table is presented called “Estimated Costs of the Final Rule”. Within this table, an estimated cost is presented for┬áSecurity Rule Compliance by Business Associates, expected to apply to between 200,000 and 400,000 business associates of covered entities that were not previously directly liable for HIPAA compliance. The table lists this estimated cost as between $22.6 million and $113 million. I believe this cost is not remotely realistic. Let’s do a little math to figure out these costs per organization. How about a best case scenario, where we spend the least amount of money getting the largest number of[…]