Monday, January 21, 2013

HIPAA Omnibus Rule

The Office for Civil Rights (“OCR”) of the Department of Health and Human Services has released the overdue, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. "Much has changed in healthcare since HIPAA was enacted over 15 years ago," HHS Secretary Kathleen Sebelius said in a statement. "The new rule will help protect patient privacy and safeguard patients' health information in an ever expanding digital age."

Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule. The four rules that combine to create the omnibus final rule include:
  • Modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health Act, and certain other modifications to improve the rules, which were issued as a proposed rule on July 14, 2010.
  • Changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act, originally published as an interim final rule on Oct. 30, 2009.
  • A final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule's "harm" threshold with a more objective standard and supplants an interim final rule published on Aug. 24, 2009.
  • A final rule modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes, which was published as a proposed rule on Oct. 7, 2009.
“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” said HHS Office of Civil Rights Director Leon Rodriguez. “These changes not only greatly enhance a patient's privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

On Wednesday January 23, 2013 at 2:00 pm Eastern Time I will join Deven McGraw and David Harlow for a Hangout where we will discuss the new HIPAA omnibus rules. These are two attorneys who are national experts on healthcare. David Harlow is a seasoned healthcare attorney and consultant recognized as an accomplished, innovative and resourceful thought leader in health care law, strategy and policy. Deven McGraw is the Director of the Health Privacy Project at the Center for Democracy and Technology (CDT). Deven has a strong background in healthcare policy. Prior to joining CDT, she was the Chief Operating Officer of the National Partnership for Women & Families, providing strategic direction and oversight for all of the organization's core program areas, including the promotion of initiatives to improve healthcare quality. You will be able to view the discussion live, ask questions, and also see the archived video afterward. It will be broadcast on Google Plus and the archive made available on YouTube.

As promised, here is the video from the Hangout :-)

1 comment: