A data breach is just one trigger that results in a HIPAA audit. Complaints by patients (whether justified or not) as well as the new HIPAA Audit Program launching fulling in 2017 are all subjecting previously ignored entities to extensive and costly audits. As a result of past breaches and this new program, covered entity's service providers ("Business Associates") are being included in this review. If one Business Associate is non-compliant, your practice is non-compliant. Therefore, it's important to ensure the compliance of those you do business with, in addition to training your own staff.