The Final Omnibus HIPAA Rule is Finally Here

January 18, 2013
Legal Updates

Late last night, the U.S. Department of Health and Human Services announced its much anticipated final rule to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The omnibus rule finalizes four previous proposed and interim rulings, including the Enforcement Rule, the Breach Notification Rule, and regulations required under Health Information Technology for Economic and Clinical Health Act (HITECH Act).

This final rule retains many of the individual rights announced in the July 14, 2010 proposed rules.  Specifically, the final rule:

One of the most significant revisions pertains to the Department's revised definition of a "breach" which replaces the Breach Notification Interim Rule's "harm" threshold with a more objective standard. Additionally, the final rule expands many of the privacy and security requirements for business associates that receive protected health information, as required under the HITECH Act.

The Final Rule will be published in the Federal Register on January 25, 2013.