In today’s ever-expanding digital age, enforcement and oversight of covered entities (CEs) and business associates (BAs) are more rigorous than ever. The Office of Civil Rights (OCR) continues to levy increasing penalties for failing to protect Protected Health Information (PHI) and to increase enforcement for violations of the Health Insurance Portability and Accountability Act (HIPAA). In 2013, the Department of Health and Human Services (HHS) released its final omnibus rule relating to these requirements. Changes incorporated into the final rules include: 1) Improved patient privacy protections; 2) New rights for individuals over health information; 3) Greater limitations on using personal health information; 4) Required accountability over service providers; and 5) Increased diligence when assessing potential privacy or security breaches. In addition to issuing enhanced rules for privacy and security of personal health information, HITECH mandates that HHS provide for periodic audits of covered entities to assess their compliance, not only with privacy and security rules, but also with breach notification standards.