The HIPAA-HITECH Omnibus Rule: What’s New?

New rules released under HIPAA require physicians to make several major changes over the next six months. These changes are complex and they will have a direct impact on how physicians do business, so physicians need to start planning now.

Business associate (BA) agreements must be reviewed. The new rules require physicians to use reasonable diligence in overseeing business associates. BAs should also take notice, because they may now be directly liable for breaches. The definition of who counts as a BA has expanded. So, any company working with a physician needs to figure out whether the new rules apply to it.

Physicians also need to prepare new NPPs to account for new patient rights. Patients will soon be able to limit disclosure if they pay for services in full. They will also be able to request machine-readable copies of EHR. Last, they will have to give written approval before the physician can use third-party marketing.

© 2013 Parsonage Vandenack Williams LLC

For more information, contact

Final HIPAA/HITECH Regulations Delayed

Publication of the HIPAA/HITECH Act Omnibus Final Rule has been delayed. The Office of Information and Regulatory Affairs, the department responsible for reviewing the regulations, has requested an extended review period for the rules. This extended review period will last for 30 days, and requires special approval for further extension. Commentators anticipate that a decision on the rule should be issued by July 23.

The proposed rule is expected to modify several components of HIPAA, including the Breach Notification Rule, the Enforcement Rule, and the Privacy and Security Rules. Furthermore, the proposed rule will expand the scope of HIPAA provisions to cover business associates of entities subject to HIPAA. Healthcare professionals should be aware of these changes and proactively plan to comply with the revised HIPAA regulations.

© 2012 Parsonage Vandenack Williams LLC

For more information, contact