Kevin is a featured writer for TechTarget.  Here is is latest column:


A few months ago, I wrote an article about the practice of non-attorneys consulting on HIPAA business associate agreements. After talking with scores of people about the article, I’ve concluded the issue of ethical and professional duty wasn’t discussed as it should have been. Readers, including IT professionals (who are or wish to be dealing with HIPAA-regulated entities), security and HIPAA consultants, and attorneys, etc., had some strong opinions about the article. They didn’t fully agree, of course, but they held common ground in their denial about their ethical and professional — and sometimes statutory — responsibilities.