At long last, after much delay and speculation, the HIPAA Omnibus Rule has been placed on display at the Federal Register in preparation for formal publication. Clocking in at 563 pages, we have to admit that we have not yet fully analyzed it, but it is expected to address:

• The breach notification harm threshold
• Direct liability for business associates
• Covered entity liability for business associates who are agents
• Sale of “protected health information” or “PHI”
• Use and disclosure of PHI for marketing purposes
• Use and disclosure of PHI for fundraising
• Enforcement where noncompliance is due to “willful neglect”
• Use of compound authorizations for research and authorization of future research
• Restrictions on disclosure of PHI to health plans when patient pays out of pocket
• Use and disclosure of genetic information for underwriting purposes by health plans
• Disclosure of student immunization records to schools

We will provide more information in a DWT alert and can address your particular issues after we have had an opportunity to review and analyze the rule.

Topics:  Business Associates, Compliance, Covered Entities, Data Breach, Enforcement, HIPAA, HIPAA Omnibus Rule, Marketing, Notice Requirements, PHI

Published In: Communications & Media Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »