In 2013, the U.S. Department of Health and Human Services (HHS) published the HIPAA Omnibus Rule, a set of final regulations to strengthen the HIPAA and the HITECH acts.

1. Stay on the Right Side of the Law with the HIPAA Compliance Management
Solution
In 2013, the U.S. Department of Health and Human Services (HHS) published the HIPAA Omnibus Rule, a set of
final regulations to strengthen the HIPAA and the HITECH acts. The new regulations ensured more protection to
patients with respect to their personal health information. With the enactment of the HIPAA omnibus rule, the
healthcare providers and practitioners can no longer take patients for a ride as the regulations finalized by HHS
would help the federal government to enforce the law down to a T. According to HHS Secretary Kathleen Sebelius,
“Much has changed in health care since HIPAA was enacted over fifteen years ago. The new rule will help protect
patient privacy and safeguard patients’ health information in an ever expanding digital age.”
Given below are excerpts from the HIPAA omnibus rule.
1. Make Business Associates of Covered Entities directly liable for compliance with certain of the
HIPAA Privacy and Security Rules' requirements.
2. Strengthen the limitations on the use and disclosure of protected health information for marketing
and fundraising purposes, and prohibit the sale of protected health information without individual
authorization.
3. Expand individuals' rights to receive electronic copies of their health information and to restrict
disclosures to a health plan concerning treatment for which the individual has paid out of pocket in
full.
4. Require modifications to, and redistribution of, a Covered Entity's notice of privacy practices.
5. Modify the individual authorization and other requirements to facilitate research and disclosure of
child immunization proof to schools, and to enable access to decedent information by family
members or others.
6. Adopt the additional HITECH Act enhancements to the Enforcement Rule not previously adopted in
the October 30, 2009, interim final rule, such as the provisions addressing enforcement of on
compliance with the HIPAA Rules due to willful neglect.
Besides the above regulations, the HHS has finalized a tiered civil money penalty structure, replaced the breach
notification rule's "harm" threshold with a more objective standard and prohibited most health plans from using
or disclosing genetic information for underwriting purposes.
With the federal government adopting a zero tolerance approach to non compliance, today HIPAA omnibus
compliance becomes a high priority for healthcare providers and practitioners. Medical practitioners and
healthcare providers are therefore deploying risk and compliance management solutions to address the
requirements of healthcare businesses including assessment of security and compliance levels of Business
Associates of healthcare businesses.
Hence having a solution to automate and standardize governance, risk and compliance management can help
healthcare providers to stay on the right side of the law.
Check out - IT Compliance Management