HIPAA Compliance is about complying with the Privacy, Security, Omnibus Final, Enforcement, and Breach Notification Rules.
The Privacy Rule applies to Protected Health Information (PHI) across all media.
The Security Rule applies to Protected Health Information (PHI) across electronic media only.
The Omnibus Final Rule strengthened the Privacy and Security Rules and finalized the Breach Notification Rule.
The Enforcement Rule covers compliance and investigations, the imposition of civil money penalties for violations of the Administrative Simplification Rules, and procedures for hearings.
The Breach Notification Rule addresses the reporting of breaches of unsecured Protected Health Information (PHI) affecting fewer than 500 individuals, and those affecting 500 or more individuals.
HIPAA Compliance is about Covered Entities securing Business Associate Agreements (BAAs) with their Business Associates, and ensuring that their Business Associates do the same with their subcontractors, when those relationships pertain to the use or disclosure of Protected Health Information (PHI) on their behalf.