The final regulations from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally been released, but the hard work of interpreting them has just begun for covered entities, business associates, and downstream entities of business associates, all of whom are significantly affected by the rule.
OCR Director Leon Rodriguez declared that the new provisions in the Omnibus Rule “not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of [OCR] to vigorously enforce the HIPAA privacy and security protections.” The official press release announcing the Omnibus Rule confirms agency enforcement positions previously hinted at by HIPAA-related agency leaders, such as extending liability under HIPAA to business associates and subcontractors. But additionally, the press release gives the following preview to the other “sweeping changes” under the rule, including...
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
Topics: Business Associates, Compliance, Covered Entities, Data Breach, Data Protection, HHS, HIPAA, HIPAA Omnibus Rule, Notice Requirements, Notifications, OCR, Patient Privacy Rights, PHI, Subcontractors
Published In:
Administrative Law Updates, Health Law Updates, Privacy Updates, Science, Computers & Technology Updates
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Mintz Levin - Privacy & Security | Attorney Advertising
