The HHS Office for Civil Rights has sent the final HIPAA omnibus rule to the Office of Management and Budget for review, one of the last steps before publication in the Federal Register.

The rule would make changes mandated under the HITECH Act to the HIPAA privacy, security, breach notification and enforcement rules, as well as the Genetic Information Nondiscrimination Act of 2008.
Major changes in the rule could include eliminating or amending the “harm threshold” provision that currently enables covered entities to not report on breaches determined to not be harmful, making business associates and subcontractors liable for breaches as covered entities are, and requiring some degree of data encryption.

A story in the November 2011 issue of Health Data Management explored possible changes to covered entities’ relationships with business associates and subcontractors under a final omnibus rule.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access