The HHS Office for Civil Rights has sent the HIPAA omnibus final rule to the Office of Management and Budget for review, one of the last steps before publication in the Federal Register.
The final omnibus rule would make changes mandated under the HITECH Act to the HIPAA privacy, security, breach notification and enforcement rules, as well as the Genetic Information Nondiscrimination Act of 2008.
Major changes in the HIPAA omnibus final rule could include eliminating or amending the “harm threshold” provision that currently enables covered entities to not report on breaches determined to not be harmful, making business associates and subcontractors liable for breaches as covered entities are, and requiring some degree of data encryption.
A story in the November 2011 issue of Health Data Management explored possible changes to covered entities’ relationships with business associates and subcontractors under a HIPAA final omnibus rule.
