The HIPAA Omnibus Rule clarifies that business associates must comply with every aspect of the HIPAA Security Rule. The beefed-up BA requirements come just in the nick of time because so many organizations are using the services of cloud vendors. “There is not crystal clarity in the new rule as to who is going to be responsible and liable when there’s a problem,” Deven McGraw says. The new rule calls for ramping up of enforcement and heftier penalties for violations.”]
Source: https://www.cuinfosecurity.com/blogs/security-highlight-hipaa-omnibus-p-1431