After a 2.5 year wait the final HIPAA Omnibus Rule has been released with 563 pages of changes to HIPAA as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The package of regulations will be officially posted on the Federal Register on Jan. 25. The final omnibus rule will be effective on March 26, but covered entities and business associates have until Sept. 23 to comply.
The package includes:
- Extensive modifications to the HIPAA privacy, security and enforcement rules. Among the changes: Applying many security and privacy requirements to business associates and their subcontractors.
- A final version of the HIPAA breach notification rule. An interim final version has been in effect since September 2009. The new version clarifies requirements for when a breach must be reported to authorities.
- A rule spelling out that using genetic information for insurance underwriting purposes is a privacy violation under HIPAA, as well as discriminatory under the Genetic Information Non-Discrimination Act.
Questions? Contact: David Ginsberg, Senior Advisor, Colorado Rural Health Center
505.466.8597 or 303.883.7760 (cell)
