Prodigy 13 - logo

HIPAA updates: HITECH, Omnibus, Violations & Fines

Privacy Rule update 2003:

Sets limits on disclosure of ePHI and grants patients certain rights over their health information.

Security Rule 2004/2005:

Creates national standards to protect ePHI that is created, received, used, or maintained by healthcare organizations.

Breach Notification Rule 2009 (HITECH):

Within 60 days of large breaches, organizations must document response and notify the impacted individuals through letters and a press release.

Health Information Technology for Economic and Clinical Health (HITECH) Act 2009 (Signed by Barack Obama).

The Omnibus Rule (2013):

In part, expands certain HIPAA obligations to business associates and their subcontractors, modifies the breach notification standard, expands patient rights to access and to restrict disclosure of protected health information (PHI), imposes new rules governing uses and disclosures of PHI, clarifies enforcement approaches, and addresses obligations under the Genetic Information Nondiscrimination Act of 2008 (GINA)

The Omnibus Rule compels business associates to “report to the covered entity any security incident of which it becomes aware, including breaches of unsecured protected health information as required…” 



Unaware of the HIPAA violation and by exercising reasonable due diligence would have not have known HIPAA Rules have been violated


Reasonable cause that the covered entity knew about or should have known about the violation by exercising reasonable due diligence


Willful neglect of HIPAA Rules with the violation corrected within 30 days of discovery


Willful neglect of HIPAA Rules with no effort made to correct the violation within 30 days of discovery

For the 8th year in a row, healthcare had the highest costs associated with breaches —
$408 per lost or stolen record. This is three times higher than the cross-industry average.

Zero Trust Blog

Get email alerts when we publish new blog articles!

more blog posts:

Cloud Security

Vulnerability Scanning

As a leading cybersecurity company, we provide a comprehensive suite of robust, state-of-the-art Vulnerability Assessment and Scanning services. Our specialty lies in proactively monitoring and

Read More
Cloud Security


AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

Read More