Analysis of New HIPAA "Omnibus Rule"

Be sure to spend some time with our advisory summarizing and providing guidance on the long-awaited “Omnibus Rule” amendments to the administrative simplification provisions of the Health Insurance Portability and Accountability Act (HIPAA), which the Department of Health and Human Services (HHS) published today in the Federal Register.  The advisory explains how the Omnibus Rule implements many privacy and security provisions in the Health Information Technology for Economic and Clinical Health (HITECH) Act and significantly extends HIPAA’s reach and limits.  It expands certain HIPAA obligations to business associates and their subcontractors, modifies the breach notification standard, expands patient rights to access and to restrict disclosure of their protected health information (PHI), imposes new rules governing uses and disclosures of PHI, clarifies enforcement approaches, and addresses obligations under the Genetic Information Nondiscrimination Act of 2008 (GINA).  The advisory also offers recommendations for steps covered entities should consider in the wake of the Omnibus Rule, and discusses the steps business associates and their affiliates must now take under HIPAA.  You can access the advisory here.