HIPAA has a long history in the world of IT compliance.  From the initial release of the HIPAA Security Rule in 2003 through the passage of the HITECH Act in 2009, information security professionals in the healthcare industry have focused on implementing controls designed to protect the confidentiality, integrity and availability of electronic protected health information (ePHI).  The Department of Health and Human Services’ (HHS) January 2013 release of the HIPAA Omnibus Rule starts the next chapter in HIPAA compliance initiatives.

The new omnibus rule technically went into effect in late March, but organizations subject to HIPAA have until September 23, 2013 to become fully compliant with the new regulation.  For security practitioners, there are two particular points of interest: the rule’s new view on data breaches and the expansion of HIPAA’s provisions to business associates.  In this tip, we look at these two changes and their impact on IT professionals in detail.

Read more: Complying with the HIPAA Omnibus Rule

Published April 2013 on SearchSecurity.com