For security teams, it means ‘eye-rolling and gnashing of teeth.’  Torie Jones, former chief privacy officer at University of Pennsylvania Health System, had an ironclad rule in place for her staff: “No PHI in the cloud until you have a BAA in place.” Read the Healthcare IT story