The document summarizes key implications of the HIPAA Omnibus Rule for organizations that are considered business associates. It defines business associates and subcontractors as those who create, receive, maintain or transmit protected health information on behalf of covered entities or other business associates. The Omnibus Rule directly regulates business associates and subcontractors under HIPAA, requiring compliance with security and privacy rules. The Rule also expands the definition of a breach and the penalties for noncompliance, potentially making it more likely that organizations will need to notify individuals of breaches. The document provides examples of types of organizations now defined as business associates and outlines compliance requirements.