OCR Issues Long-Awaited Omnibus HIPAA/HITECH Rules: Significant Changes for Business Associates and Breach Analysis


The wait is finally over. On January 17, 2013, the U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR), issued the final “omnibus” rule modifying the HIPAA Privacy, Security, Breach Notification and Enforcement Rules (Final Rule). The rulemaking comes nearly two and half years after the release of the proposed rule and implements statutory amendments to the federal health privacy framework enacted under the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Genetic Information Nondiscrimination Act of 2008 (GINA). It also addresses comments received regarding the interim final enforcement and breach notification rules, and makes other modifications to enhance the effectiveness of the HIPAA rules, while at the same time seeks to reduce their burden on regulated entities.

The Final Rule is effective March 26, 2013, but covered entities and business associates have until September 23, 2013 to come into compliance with the new standards and implementation specifications. As discussed below, OCR has also provided a longer transition period for existing business associate agreements to come into compliance.

The Final Rule includes substantive and non-substantive (technical) changes to the HIPAA Rules. We highlight below the more significant substantive changes.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:


King & Spalding on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.