HIPAA Omnibus Final Rule Compliance Date Is Only Two Months Away

The compliance date for the omnibus final rule amending the privacy, security, breach notification and enforcement regulations under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act is less than two months away for health care providers, health plans, other covered entities and their business associates.  The changes require covered entities and their business associates to conduct a security risk assessment; revise their existing privacy, security and breach notification policies and procedures; amend their business associate agreements; and retrain their workforce on the revised policies.

The final rule includes the following changes:

  • Business associates are directly liable for civil money penalties and criminal penalties for violations of the Privacy Rule and Security Rule.
  • The definition of business associate is expanded to include a subcontractor of a business associate so that subcontractors also are liable for violations of the privacy, security and breach notification standards.
  • The definition of a breach of unsecured protected health information (PHI) is revised to make it more difficult for a covered entity or business associate to avoid reporting an unauthorized use or disclosure of PHI to the affected individuals and the Office of Civil Rights.
  • A covered entity generally may not receive cash or other financial remuneration for marketing communications made for a third party’s products or services.
  • Certain restrictions on the use of compound authorizations in connection with research studies were changed in a way that will simplify secondary uses of PHI for research purposes.

 

Topics:  Breach Notification Rule, Compliance, Data Breach, Data Protection, Deadlines, Enforcement, Final Rules, Healthcare, HIPAA, HIPAA Omnibus Rule, Privacy Policy

Published In: General Business Updates, Health Updates, Insurance Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McDermott Will & Emery | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »