I'm on the "configuration management" team which, among other things, means I'm responsible for R&D systems, like: source control, issue tracking, team collaboration (wiki), etc.
These are not production, customer systems with any patient or transactional data.
Every time I talk about migrating these R&D systems to hosted services (we're running a small data center on-premises) I get a lot of heat about HIPAA and business associates agreements.
I read a little on business associates and it doesn't seem to me to apply to these R&D systems.
Any advice?
