As noted in previous Epstein Becker Green health reform alerts, on January 25, 2013, the long-awaited final omnibus rule (“Omnibus Rule”) issued by the U.S. Department of Health and Human Services (“HHS”) was published in the Federal Register. The Omnibus Rule makes sweeping changes to the privacy and security regulations under the Health Insurance Portability and Accountability Act (“HIPAA”).
In light of the Omnibus Rule’s new requirements, business associates and covered entities should strongly consider reviewing their existing HIPAA privacy and security practices, including compliance policies and business associate agreements. While the Omnibus Rule takes effect on March 26, 2013, affected parties have until September 23, 2013, to come into compliance with most of its provisions. This alert reviews several of the regulatory changes and suggests action items to facilitate compliance with the new requirements.