In a session at the AHLA annual conference updating attendees on HIPAA breach notification and OCR enforcement activity, the panelists presented an interesting statistic- while only 22% of large data breaches are caused by business associates, they impact 56% of affected individuals. The panelists stated that it is very important that covered entities have strong business associate agreements that contain specific provisions regarding notification of potential breaches to the covered entity. According to Adam Greene, JD, MPH, breach notifications may represent the biggest risk for covered entities. All covered entities should be vigilant in the negotiations with business associates.