August 20, 2014
August 19, 2014
August 18, 2014
HHS Releases HIPAA Omnibus Final Rule
On January 17, 2013, the Department of Health and Human Services (HHS) publicly released the long-awaited HIPAA Omnibus Final Rule (Final Rule). The Final Rule (1) implements many provisions of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), expanding the privacy and security standards directly governing covered entities and business associates; (2) modifies the interim final rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule); (3) modifies the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and (4) makes certain other modifications to the HIPAA Privacy, Security and Enforcement Rules to improve their workability. Notably, the Final Rule does not address the anticipated accounting of disclosures requirements, which was the subject of a separate proposed rule published on May 1, 2011.
You can read more about the significant changes that the Final Rule makes to the current landscape of HIPAA regulations in our client alert (Link: http://www.drinkerbiddle.com/resources/publications/2013/hitech-omnibus-final-rule)
The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply with the applicable provisions by September 23, 2013.
In its press release, HHS stated that the Final Rule “greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.” However, it also recognized the significant costs that may result from the overhaul of these regulatory specifications. Compliance costs include the necessary revisions and distributions of revised NPPs; assessing potential breaches; drafting and implementing BAAs for subcontractor arrangements; and implementing revised policies and procedures.
In the coming weeks, we will be publishing a series of alerts addressing more specific provisions of the Final Rule.
<span class="advertise"> Advertisement </span>
- Massive Data Breach Affects 4.5 Million Patients in 29 States
- NLRB Continues to Expand its Reach
- The OIG Issues An OIG Rule on ACOs and the IRS Provides Additional Guidance For Tax-Exempt Organizations
- FDA Issues Final Guidance on "In Vitro Companion Diagnostic Devices"
- CMS Care Coordination Payments – A Boon to Doctors and Patients but Patient Participation Will be Essential
- OSHA Concludes that Acclimatization May Be the Most Important Element of a Heat-Illness Prevention Program