The HHS Office for Civil Rights (OCR) released the long-awaited HIPAA Omnibus Final Rule on January 17, 2013. The Omnibus Final Rule modifies:
-
The HIPAA Privacy, Security, and Enforcement Rules to implement statutory requirements of the HITECH Act;
-
The rule governing Breach Notification for Unsecured Protected Health Information to address comments received on the interim final rule; and
-
The HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act.
In addition, OCR has included certain other modifications to these rules to improve their workability and effectiveness and to increase flexibility for and decrease the burden on regulated entities.
The Omnibus Final Rule becomes effective on March 26, 3013, but covered entities and business associates have until September 23, 2013, to comply (with certain transition provisions for existing business associate agreements). The text of the Final Rule, which will be published in the January 25, 2013 Federal Register, is available by clicking here. Stay tuned for a King & Spalding Client Alert regarding the Final Rule to be released this week.
Reporter, Susan Banks, Washington, D.C., +1 202 626 2953, sbanks@kslaw.com.