Editors: Patricia Markus (Smith Moore Leatherwood LLP, Raleigh, NC) and Linda Ross (Honigman Miller Schwartz and Cohn LLP, Detroit, MI)
The Omnibus Rule consists of four final rules adopting: (1) modifications to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act; (2) changes to the HIPAA Enforcement Rule to incorporate an increased and tiered civil monetary penalty structure required by the HITECH Act; (3) a Final Rule on Breach Notification for Unsecured Protected Health Information imposed by the HITECH Act; and (4) modifications to the HIPAA Privacy Rule required by the Genetic Information Nondiscrimination Act of 2008 (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes. These final rules, together with widely reported stepped-up enforcement activities by the U.S. Department of Health & Human Services Office for Civil Rights, make abundantly clear that the compliance stakes are significantly higher for covered entities, their business associates, and subcontractors.
This Member Briefing analyzes each of the final rules; however, perhaps more importantly, it offers practical insights, tips, and tools for facilitating compliance. Although the compliance deadline for many of the provisions in the Omnibus Rule has passed, many covered entities and business associates continue to struggle with some of the more-complex challenges posed by the Omnibus Rule. This guide includes practical tips from attorneys who have worked through many of those challenges.
Purchasers may access the data by visiting the AHLA homepage, signing in, clicking the "Electronic Product Downloads" link in the center of the page, and downloading the "HIPAAMB" file. Purchasers will be downloading a PDF file.