In the wake of news that a hacker has accessed over 650,000 medical records, CMS has issued an MLN Matters, Protecting Patient Personal Health Information, to remind physicians and physician practices to report breaches and to keep track of their Business Associates. All Covered Entities should ensure that all Business Associates know of their obligation to report actual or potential security breaches. OCR specifically focuses such caution on Business Associates who provide or support hardware or software related to electronic health records.