Omnibus Final HIPAA Rule Nears Publication

The HHS Office for Civil Rights has sent the final HIPAA omnibus rule to the Office of Management and Budget for review, one of the last steps before publication in the Federal Register.

The rule would make changes mandated under the HITECH Act to the HIPAA privacy, security, breach notification and enforcement rules, as well as the Genetic Information Nondiscrimination Act of 2008.
Major changes in the rule could include eliminating or amending the “harm threshold” provision that currently enables covered entities to not report on breaches determined to not be harmful, making business associates and subcontractors liable for breaches as covered entities are, and requiring some degree of data encryption.

A story in the November 2011 issue of Health Data Management explored possible changes to covered entities’ relationships with business associates and subcontractors under a final omnibus rule.

For reprint and licensing requests for this article, click here.