Today, healthcare organizations are faced with a growing trend of sharing confidential health information with vendors (business associates) in order to meet critical business needs. Yet from a risk management perspective, little if any assessment of business associate compliance is performed, leaving little assurance of sound compliance practices by the business associate handling patients’ confidential health information.