Ted Augustinos, a member of the steering committee of Edwards Wildman's
Privacy and Data Protection Group and its Breach Response Team, wrote an article about healthcare breaches for the International Association of Privacy Professionals (IAPP). In the article, "Healthcare Breaches Under the Final Omnibus Rule
," Augustinos discussed how among the changes facing healthcare providers upon the September 23 compliance date of the Final Omnibus Rule adopted by the Department of Health and Human Services (HHS) to modify the HIPAA privacy, security and enforcement rules, the most burdensome and significant may be the expansion of the universe of reportable data breaches by reversing—or clarifying—presumption under the harm threshold and the imposition of liability for business associates that act as agents of the covered entity. The HHS Office for Civil Rights characterizes the rule as “the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.” These changes will, among other things, increase the exposure of covered entities and business associates in data breaches.