The HIPAA Omnibus Rule, which went into effect on Sept. 23, 2013, and has been enforced by federal regulators since September 2014, mandated several key HIPAA compliance changes.Most notably, the rule made business associates directly liable for HIPAA compliance and also stated that security incidents involving protected health information are presumed to be reportable HIPAA breaches unless organizations can demonstrate using a four-factor assessment that risks of PHI compromise are low.”Although many organizations did not immediately grasp the omnibus rule changes in determining whether an incident is a breach, industry understanding has improved along with better reporting,” says Kate Borten, president of privacy and security consulting firm The Marblehead Group.

Source: Click here