Changes with HIPAA-2

• Clarifies the definition of a breach
• Requires patients be notified when a breach has occurred  
• Increases fines and penalties for a breach
• Patients can request an audit trail showing any access to their electronic record
• Assigns personal legal responsibility to the person who breaches  PHI
• Requires reporting to the federal Department of Health and Human Services