**2.4 Reported data breach counts per state sorted by number of reports**

Another element tracked on the HHS portal is the presence of business associate agreements (BAA). A provider enters into a BAA with an outside party when an outside party receives access to the provider's ePHI. A properly written BAA somewhat "protects" the provider if the outside party breaches the ePHI. **Figure 4** [6] shows state BAA presence notated with by the HHS portal with either a "yes" or "no." The portal reports are not described, so the research below shows the categorical data as posted to the portal.
