The HIPAA Privacy and Security final rule, also known as the HIPAA Omnibus Rule, became effective on March 26. The new rule changes the breach notification process, shifting the burden of proof to providers who must now prove their innocence when patient data is breached. Providers and their vendors have 180 days to comply or risk enforcement actions and penalties. The addition of business associates under the rule could catch companies off guard and unprepared. The Office for Civil Rights has already prosecuted five covered entities, indicating increased enforcement going forward. Providers should conduct risk assessments and ensure their vendors are protecting personal health records according to the new rule.
![](https://healsecurity.com/wp-content/uploads/2024/07/group-ibs-threat-intelligence-and-defence-centre-equip-undergraduates-with-sophisticated.jpg)
Group-IB’s Threat Intelligence and Defence Centre Equip Undergraduates with Sophisticated Cybersecurity Technologies to Boost Threat Analysis and Enhance Cyber Resilience for Campus Start-ups
Hey there from the heart of the San Francisco Bay Area! It’s an absolute pleasure to have you back again for our chat on some