Law360, New York (February 6, 2015, 11:35 AM EST) -- Potential liability associated with the Health Insurance Portability and Accountability Act for all entities covered by the law, including both business associates and covered entities, has never been greater. In 2013, the law was modified by the Final HIPAA Omnibus Rule, which, among other things, lowered the threshold for what constitutes a reportable security breach under HIPAA. Further, the U.S. Department of Health and Human Services' Office for Civil Rights has ramped up its enforcement efforts over the last several years, meaning that more entities are being investigated and penalized for violating HIPAA. Additionally, OCR recently announced its intentions to resume HIPAA audits in the near future, and thus all persons and entities covered by the law, both "covered entities" and "business associates" alike, are subject to government review of applicable policies, procedures and practices. Given this landscape, now is an ideal time for entities covered by HIPAA to consider their HIPAA infrastructure and take steps to reduce potential liability....