On January 25, 2013, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) published the long-awaited omnibus final regulation governing health data privacy, security and enforcement (Omnibus Rule). The Omnibus Rule is a group of regulations that finalizes four sets of proposed or interim final rules, including changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act and proposed in 2010; changes to the interim final breach notification rule; modifications to the interim final enforcement rule; and implementation of changes to the Genetic Information Nondiscrimination Act of 2008 (GINA). The Omnibus Rule goes into effect on March 26, 2013, and compliance is required by September 23, 2013. As expected, the Omnibus Rule did not finalize the May 31, 2011 proposed regulation regarding accounting for disclosures.

As the statutory mandate of HITECH made clear, the most significant changes involve business associates, who are now directly subject to the mandates of the HIPAA Privacy and Security Rules and to HIPAA enforcement. In addition, covered entities will need to carefully evaluate changes to the breach notification rule, individual rights, additional requirements for Notices of Privacy Practices (NPPs) and the parameters around the use of protected health information (PHI) for marketing and fundraising.

Please see full alert below for more information.
