First few Article Sentences
Many health care providers and other covered entities subject to the Health Insurance Portability and Accountability Act ("HIPAA") have template business associate agreements ("BAA") that focus purely on HIPAA's requirements. HIPAA compliance is, of course, essential, but the universe of laws affecting protected health information ("PHI") is much broader. Covered entities should review their template BAAs and consider expanding their scope to address applicable state breach notification laws as well.