The new Omnibus Rules include some significant changes to long-standing procedures applicable to HIPAA Covered Entities. They extend the reach of HIPAA, and hence the need for compliance measures, to business associates as well as their agents, bringing in many entities not previously covered. The rules are the most sweeping change since the original HIPAA security and privacy requirements, placing greater security requirements not only on covered entities but also on business associates, with the intent of ensuring privacy protections for patients as the healthcare industry moves toward greater utilization of electronic health record technologies.
To be brief, the new rule became effective on March 26, 2013 with compliance required by September 23, 2013. The new rule moves well beyond the HITECH Act’s Meaningful Use requirement to conduct a HIPAA information security audit.
Divurgent’s team of in-house regulatory and compliance counsel and information security experts is available to help. To meet the pressing needs associated with the September 23 deadline, we are prepared to offer immediate assistance to ensure that your organization is prepared. Services can range from remote support to review available business associate and Notice of Privacy Practice documentation and provide recommendations for revision so that they reflect compliance needs, to on-site HIPAA privacy and security assessment focusing on those areas that must be addressed to meet the recent changes.
If you have already prepared for September 23, we offer an opportunity to complete table-top privacy and security breach exercises to ensure that organization leaders are aware of their role in breach identification, response and remediation.
Please contact Mary Catherine Thompson at email@example.com
Background on HIPAA Omnibus Rules and Four Key Components
On Thursday, January 17, 2013, the United States Department of Health and Human Services issued Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act. The lengthy 563-page document, referred to as the Omnibus Rules, provides for numerous changes to the original security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996.
The final rule is composed of four final rules combined, HHS states, “to reduce the impact and number of times certain compliance activities need to be undertaken by the regulated entities.”
There are four key parts to the new rule, each with significant operational considerations and impacts for providers, health plans and business associates