Today the U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a final rule outlining technical corrections to the HIPAA Omnibus Rule.
Published January 25, 2013, the Omnibus Rule implemented changes to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules pursuant to the HITECH Act and the Genetic Information Nondiscrimination Act. The Omnibus Rule outlined significant changes to the HIPAA/HITECH landscape, including:
-
Introduction of new consumer protections (e.g., right to electronic access of PHI and right to restrict disclosures to health plans);
-
Expansion of business associate liability to subcontractors;
-
Modification of HIPAA breach analysis; and
-
Introduction of new requirements for updating policies and procedures, Notices of Privacy Practices, and Business Associate Agreements.
The new rule, scheduled to be published on June 7, includes a number of minor, technical corrections, including corrections to citations, cross-references, and references. The corrections do not include major, substantive updates to the Omnibus Rule.