The Office for Civil Rights issued its long awaited final regulations modifying the HIPAA privacy, security, enforcement, and breach notification rules--the HIPAA Megarule. The new HIPAA rules will require revisions to Notice of Privacy Practices, changes to business associate agreements, revisions to HIPAA privacy and security policies and procedures, and an overall assessment of HIPAA compliance. The HIPAA Megarule formalizes the HITECH Act requirements, and makes it clear that the OCRs ramp up of HIPAA enforcement is not merely a passing trend. The new rules underscore that both covered entities and business associates must reassess and strengthen HIPAA compliance.