Content Header Image

New HIPAA Omnibus Regulation Released by HHS Office of Civil Rights

by Published On: Jan 18, 2013Updated On: Jul 18, 2013

Citing changes in both healthcare and technology since the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a 563-page pre-publication version of a final omnibus rule that makes sweeping changes to various aspects of the law. 

While the changes become effective March 26,  covered entities and their business associates will have until September 23 to comply.  

Changes Included in the omnibus rule:

  • Many of the requirements of the HIPAA privacy and security rule that are applicable to covered entities will now be applicable to business associates, including contractors and subcontractors. Covered entities and their business associates will have up to one year following the Sept. 23 compliance deadline to modify their contracts to incorporate these changes.

  • A streamlined process for allowing individuals to authorize the use of their health information for research purposes.

  • New limitations on the use and disclosure of health information for marketing and fundraising purposes.

  • A prohibition on the sale of an individual’s health information without their permission.

  • A right for individuals to request an electronic copy of the medical records.

  • A right for individuals who pay for services out-of-pocket to restrict information that is sent to their health plan relating to such services.

  • Enhanced penalties for noncompliance commensurate with the level of negligence involved up to a maximum of $1.5 million per violation.

  • Presumption that an impermissible disclosure of protected health information constitutes a breach (hence, requiring notification to affected individuals), unless the covered entity can demonstrate, through a risk assessment, that there is a low probability that the information was compromised.
An article by Venable LLP explains what non-profits need to be doing now to comply with the changes. LeadingAge will be offering a webinar on the new law to members on Sept. 18, at 2 p.m. Eastern.


comments powered by Disqus