Skip to main content
Compliance & Legal

HIPAA Omnibus Rule

The 2013 rule that finalized HITECH changes and made business associates directly liable under HIPAA.

The HIPAA Omnibus Rule, finalized in 2013, implemented the statutory changes from the HITECH Act and made business associates, along with their subcontractors, directly liable for HIPAA compliance.

It also strengthened patient rights, tightened the definition of a reportable breach, and expanded the requirements that must appear in a Business Associate Agreement (BAA). For hosting providers, the Omnibus Rule is why a signed BAA is non-negotiable.