Re: Good for consumers, but the burden falls on IT to ensure compliance!
If I was a Florida business, I'd probably begin by limiting my partnerships. I'd definitely work with a proven, third-party expert in auditing, security, risk, and compliance to review business associate agreements. I'd imagine large hospitals are really scrutinizing their partners -- and perhaps those smaller partners that survive that scrutiny can then use this as a marketing tool in some way. After all, if you are strong enough to pass XYZ Hospital's risk/security/compliance benchmarks, then it must say something about your technologies, processes, and procedures?