A Comprehensive Summary of the Final Omnibus HIPAA/HITECH Rules: Key Provisions and What They Mean for You


Executive Summary -

On January 25, 2013, the Federal Register will publish final omnibus rules written by the U.S. Department of Health and Human Services (HHS) to modify the HIPAA Privacy, Security, Breach Notification and Enforcement Rules. The modifications implement most of the privacy and security provisions of the HITECH Act and relevant provisions of the Genetic Information Nondiscrimination Act. While some of the rule changes are not surprising, others are very impactful and will markedly change the obligations imposed on covered entities, business associates and subcontractors. Some of the more significant provisions are described here, and a comprehensive review of all the key changes is provided in the pdf. Please feel free to contact us with questions.

Important Deadlines -

The compliance deadline for virtually every provision of these rules is September 23, 2013. A longer period is provided where updates to existing business associate and data use agreements are required; those agreements may not need to be updated until September 22, 2014 provided they are not modified or renewed prior to that date.

Breach Notification -

HHS has eliminated the harm threshold that provided notice of a security breach would only be required if the breach posed a significant risk of harm to affected individuals. It has provided instead that any use or disclosure of protected health information (PHI) that is not permitted by the Privacy Rule will be presumed to be a reportable breach. Covered entities and business associates can defeat this presumption by conducting a risk analysis using factors articulated by HHS, but the agency has made clear its expectation that impermissible uses and disclosures of readily accessible PHI will likely be a reportable breach. This change will mean an increase in the number of breaches reported.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.