shutterstock_578953048 (1)

A recent breach at Connally Memorial Medical Center in Texas was caused by an individual who lost a laptop that had PHI on an unencrypted drive. The individual was not employed by the hospital, but rather by a business partner or in HIPAA parlance, a business associate . The resolution to the incident was for Connally to update their business associate agreement.  But does a business associate agreement protect an organization from damage to their reputation?