Last year’s passing of the new HIPAA requirements signaled the government’s concern that individually identifiable health information needs stronger protection beyond the borders of the healthcare industry. HIPAA already recognized this need by imposing obligations on covered entities and their business associates in prior versions of the rule. In the latest rule update, however, the US Department of Health and Human Services, among other things, expanded the definition and responsibilities of business associates and now made them directly liable for HIPAA noncompliance.