Four Years Since HIPAA Omnibus: What’s Changed?

26 Sep

The HIPAA Omnibus Rule, which went into effect on Sept. 23, 2013, and has been enforced by federal regulators since September 2014, mandated several key HIPAA compliance changes.

Most notably, the rule made business associates directly liable for HIPAA compliance and also stated that security incidents involving protected health information are presumed to be reportable HIPAA breaches unless organizations can demonstrate using a four-factor assessment that risks of PHI compromise are low.

Source: Four Years Since HIPAA Omnibus: What’s Changed?