HHS Finalizes Comprehensive Modifications to HIPAA Regulations in Omnibus Final Rule


On Thursday, January 17, 2013, the Department of Health and Human Services Office for Civil Rights (“HHS”) released in pre-publication form the rule commonly known as the “HIPAA Omnibus Rule,” which we refer to below as the “Final Rule.”

As summarized in a prior alert, on July 14, 2010, HHS published its notice of proposed rulemaking (“NPRM”) entitled “Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act” (“HITECH”). Further, as summarized in another alert, on August 24, 2009, HHS published its Interim Final Breach Notification Rule (the “Interim Breach Rule”). This Final Rule, to be published in the Federal Register tomorrow, finalizes (i) changes in the NPRM, with some modifications, (ii) changes in the Interim Breach Rule, with some modifications, and (iii) the changes previously proposed to HIPAA under the Genetic Information Nondiscrimination Act (“GINA”).

The Final Rule will be effective on March 26, 2013. Covered entities and business associates must comply with the Final Rule within 180 days, or by September 23, 2013. HHS has provided a longer compliance timeframe for certain other requirements, such as required changes to business associate agreements. All modifications to the Enforcement Rule, which governs the compliance responsibilities of covered entities during the enforcement process, will be effective on March 26, 2013.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ropes & Gray LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.