As much as we love to write about HIPAA on the Health Law and Policy Matters blog, HIPAA is only half of any privacy law analysis – especially in the event of a data breach. Health care organizations must always be mindful of state data privacy, security, and breach reporting laws. To assist in this effort, Mintz Levin has prepared, and recently updated, its state law Data Breach Matrix. The Data Breach Matrix lists state-imposed breach reporting requirements, which may, in addition to HIPAA, be triggered in the event of a loss of protected health information and may impose additional reporting requirements. The Matrix is a valuable resource kept current by Cynthia Larose, Chair of our Privacy and Security Practice and Editor of our Privacy and Security Matters blog.