The HIPAA Omnibus Rule
The HIPAA Omnibus Rule was finalized by the Office for Civil Rights (OCR). The Office of Management and Budget (OMB) approved the final rule and subsequently published it in the Federal Register. The Federal Register has published the final Omnibus rules written by the U.S. Department of Health and Human Services (HHS) that will modify the HIPAA Privacy, Security, Breach Notification and Enforcement Rules. The United States Government’s requirement to implement Electronic Medical Records and Health IT compliance has prompted the US Government to adopt the long awaited HIPAA Omnibus Rule.
The modifications implement most of the privacy and security provisions of the HITECH Act and relevant provisions of the Genetic Information Nondiscrimination Act (GINA). The rule changes outlined in this HIPAA security rules summary are not surprises but are very impacting and will change the responsibilities imposed on covered entities, business associates and subcontractors.
The rule effectively merges four separate rule makings, which are as follows: