HIPAA Omnibus Rule Set to Finally be Passed

by | Sep 25, 2017

The HIPAA Omnibus Rule (Health Insurance Portability and Accountability Act of 1996 Omnibus Rule) was drafted in July 2010; however, the final release has been put off until this month so that some of the concerns raised by stakeholders about the latest HIPAA amendment can be properly addressed.

The final rule has been held by the Office of Management and Budget since March 2012, although the final version has now been released. All HIPAA-covered bodies – and their business associates – must read the new rule and update existing policies and procedures to factor in the new changes. Healthcare organizations have 180 days to introduce the changes, as the Final Rule will not be applicable until Sept 22, 2013.

The new rule has been passed to bring HIPAA in line with HITECH, and was introduced by the U.S. Department of Health and Human Services’ Office of Civil Rights to include the use of Health Information Technology (HIT) and ensure that patient health information is properly secured. The final rule represents a major amendment to the legislation and is the most extensive change to be passed since HIPAA came into effect in 1996.

The Final Rule is 563 pages long; the major points covered in the amendment – in terms of HIT – are listed below:

  • A person’s Personal Health Information should be properly secured, and policies have been introduced to enhance security and privacy protection
  • There is now a requirement for Business Associates and their subcontractors to be HIPAA compliant and meet the same standards as covered bodies
  • The new rule does not allow the sale of PHI without prior permission being obtained, and restrictions have been placed on the use of health data for marketing reasons
  • Patients are able to stop their health plan providers from being informed about services paid for in cash
  • Further modifications have been made to the Privacy Rule to cover the possible use of genetic information
  • Changes to Breach Notification Rules bring in a new standard for the assessment of the liability of a healthcare organization following a data breach
  • The OCR’s strategy for enforcing HIPAA regulations has been explicitly stated
  • Changes have been made to make it simpler for parents to share proof of a child’s immunization with their school
  • It will be easier for people to permit the use of their personal health information for research purposes
  • The new rule introduces stiff sanctions for non-compliance and data violations based on the degree to which the body in question is liable, with a maximum fine of up to 1.5 million per violation


Patrick Kennedy