The much-anticipated final HIPAA Omnibus Rule was posted on the Federal Register public inspection desk January 17.


According to a press release written by The U.S. Department of Health and Human Services (HHS), this new rule will work to strengthen the privacy and security protection for health information. The HIPAA Omnibus Rule will enhance patient’s privacy protections by providing individuals new rights to their health information while allowing the government increased control over the associated laws.

The 563-page package of regulations includes:

  • Extensive modifications to the HIPAA privacy, security and enforcement rules, which includes security and privacy requirements to business associates and their subcontractors.
  • A final version of the HIPAA breach notification rule, which clarifies requirements for when a breach must be reported to authorities.
  • Dramatic changes to marketing and fundraising requirements
  • Rule modifying previous Genetic Information Nondiscrimination Act (GINA) which prohibits health plans from disclosing genetic information for underwriting purposes.

“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” HHS Office for Civil Rights Director Leon Rodriguez said in a statement. “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

The rules package will be officially posted on the federal Register January 26 and made effective March 26. Covered entities and business associates have until September 23 to comply.

If you have any questions about the new rule please do not hesitate to call us. Stay tuned for updates and an in depth analysis of the HIPAA Omnibus Rule.