All covered entities and business associates are required to have a named privacy and security officer for their company. I have worked in healthcare privacy and security for 6 years developing program requirements to meet HIPAA privacy and security rule requirements a very large health system. I've noticed that many of the business associates - particularly for small entities - in the healthcare industry are woefully unprepared to meet obligations under HIPAA that went into effect September 2013. I am looking for opportunities to help other companies to meet these obligations and prepare for regulatory audits.