In the first part of this 2-part blog , we saw the update about the HIPAA Omnibus Rule and the deadline for compliance (September 23rd). Now, let’s analyze the before & after of this new rule, and if it really applies to you. (Check out the examples given for better understanding.) The Scene Before HIPAA Omnibus… Before this law was enacted, it was the responsibility of healthcare providers (hospitals, clearinghouses, insurance companies, etc.) to report to HHS about any breach into the protected health information (PHI) that they store. And they had to comply with the detailed HIPAA Privacy Rule and HIPAA Security Rule in order to show that the PHI had been properly safeguarded, and not been exposed or manipulated.