On January 17, 2012, the U.S. Department of Health and Human Services (HHS), in conjunction with the Office of Civil Rights (OCR), released for preview their long-anticipated omnibus regulation to implement the statutory expansion of the scope of the Health Insurance Portability and Accountability Act (HIPAA) by the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), and the Genetic Information Nondiscrimination Act (GINA). The rule was published in the Federal Register on January 25, 2013, with an effective date of March 26. Covered entities and business associates have 180 days – until September 23, 2013 – to comply with the new rule.

In announcing the Final Rule, HHS Office for Civil Rights Director Leon Rodriguez stated that the rule “marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented” and will assist OCR “to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.” This client Alert highlights several key takeaways from the expansive 563-page rule. Should you require further analysis or explanation of the new HIPAA regulations, please contact the authors of this Client Alert or the Brownstein Hyatt Farber Schreck attorney with whom you normally consult.