On January 25, the Federal Register published the final rule from the Department of Health and Human Services’ Office for Civil Rights (OCR) modifying the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The rule broadly impacts HIPAA and components of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Genetic Information Nondiscrimination Act (GINA) of 2008. In this Nashville Medical News article, Alisa Chestler discusses the regulatory changes that his final rule will put into effect, including a change regarding breach notifications. "There is an affirmative responsibility on the part of covered entities to let you know when your information has been compromised,” Ms. Chestler said. “However, covered entities used to be allowed to do a 'risk of harm' analysis . . . . Now everything is presumed a breach unless the entity can demonstrate there is a low probability the information has been compromised based on a risk assessment of four factors."