OCR Issues Long-Awaited Omnibus HIPAA/HITECH Rules: Significant Changes for Business Associates and Breach Analysis

more+
less-

The wait is finally over. On January 17, 2013, the U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR), issued the final “omnibus” rule modifying the HIPAA Privacy, Security, Breach Notification and Enforcement Rules (Final Rule). The rulemaking comes nearly two and half years after the release of the proposed rule and implements statutory amendments to the federal health privacy framework enacted under the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Genetic Information Nondiscrimination Act of 2008 (GINA). It also addresses comments received regarding the interim final enforcement and breach notification rules, and makes other modifications to enhance the effectiveness of the HIPAA rules, while at the same time seeks to reduce their burden on regulated entities.

The Final Rule is effective March 26, 2013, but covered entities and business associates have until September 23, 2013 to come into compliance with the new standards and implementation specifications. As discussed below, OCR has also provided a longer transition period for existing business associate agreements to come into compliance.

The Final Rule includes substantive and non-substantive (technical) changes to the HIPAA Rules. We highlight below the more significant substantive changes.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Topics:  Business Associates, Compliance, Covered Entities, Data Breach, Data Protection, Deadlines, Enforcement, Fundraisers, GINA, HIPAA, HITECH, Marketing, Notice Requirements, OCR, PHI, Privacy Policy

Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »