American Academy of Family Physicians
Home Page > News & Journals > News > AAFP News Now > Practice & Professional Issues > HHS Rolls Out HIPAA Omnibus Rule

Search  

Advanced Search

Printer-friendly version

Share this on AAFP Connection

Share this page

HHS Rolls Out HIPAA Omnibus Rule

Final Rule Strengthens Privacy, Security for Consumer Health Data

By News Staff

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was strengthened recently when HHS announced that its Office for Civil Rights (OCR) had released a final rule that will implement a number of privacy and security changes.
Check Off-Medical Information, Names, Patient ID, Dates
The final omnibus rule was published in the Jan. 25 Federal Register (138-page PDF; About PDFs) and is effective on March 26. Physicians and other covered entities must be in compliance with the final rule by Sept. 23.

"Much has changed in health care since HIPAA was enacted more than 15 years ago," said HHS Secretary Kathleen Sebelius in a Jan. 17 press release. "The new rule will help protect patient privacy and safeguard patients' health information in an ever-expanding digital age."

In the same release, OCR Director Leon Rodriguez, J.D., said the final rule marked the most sweeping changes to the HIPAA privacy and security rules since they were first implemented. "These changes not only greatly enhance a patient's privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider or one of their business associates," said Rodriguez.

story highlights

  • HHS and its Office for Civil Rights recently released a final rule that makes changes to the privacy and security protections established by the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
  • The omnibus rule is effective on March 26; physicians and other covered entities must be in compliance with the final rule by Sept. 23.
  • Physicians should review their current policies and procedures with regard to HIPAA and patient health data to ensure that their practices will be in compliance with the rule by the September deadline.
The omnibus rule finalizes statuary changes that were included in a section of the American Recovery and Reinvestment Act of 2009 known as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The rule also finalizes changes required by the Genetic Information Nondiscrimination Act of 2008.

Some provisions of the final rule will affect family physician practices. For example, the rule spells out that any improper use or disclosure of personal health information should be considered a breach that would trigger official notification requirements (as spelled out in the rule) unless the organization in question carries out a risk assessment and determines otherwise.

In addition, the final rule
  • extends the requirements of the privacy and security rules to physicians' business associates and their subcontractors;
  • establishes new limitations on the use of personal health information for marketing and fundraising purposes;
  • prohibits the sale of a patient's personal health information without specific individual authorization to do so;
  • expands patients' rights to request and receive electronic copies of their personal health information; and
  • broadens patients' ability to restrict, in some instances, disclosure of their personal health information to health insurance plans.
The rule also requires covered entities to modify and redistribute their individual notice of privacy practices.

HHS suggests that physician practices review their current policies and procedures to ensure that their organizations will be in compliance with the final rule by the September deadline.
More From AAFP
Family Practice Management's Noteworthy blog: "Long-awaited HIPAA changes coming soon to a practice near you"
(Jan. 18, 2013)
Additional Resource
National Institute of Standards and Technology: Health Insurance Portability and Accountability Act Security Rule Toolkit


Printer-friendly version
Share this on AAFP Connection
Share this page

Copyright ©  American Academy of Family Physicians
Home | Privacy Policy | Contact Us | My Academy | Site Map
Members | Residents | Students | Patients | Media Center

AAFP Connection AAFP Connection | Facebook Find us on Facebook | Twitter Follow us on Twitter
RSS RSS | POD Podcasts

Search AAFP News Now

 

Practice & Professional Issues

Webinar Explores Practice Space Redesign

Patient Self-Management Focus of Webinar Series

Preparing for, Surviving Meaningful Use Audit

Direct Primary Care Offers Different Health Care Model

Webinar Addresses Direct Primary Care Practices

Support Helps Small Practices Transform to PCMH

FPs Look at Benefits, Problems With EHRs

Medicare Launches Bundled Payment Initiative

AAFP Reacts to CMS Proposed Rule

AAFP Makes Case for New Primary Care E/M Codes

Studies Look at Two Models to Improve Diabetes Care

Audits Delay Some EHR Bonus Payments

Webinar: Expert Tackles Meaningful Use Stage Two

Tools for ICD-10 Implementation Available From CMS

Research Compares e-Visits Versus Office Visits

'Time Out' on Meaningful Use Stage Three Rule-making

AAFP Offers Transitional Care Management Tools

AAFP Protests CPT Code Edits

Free Webinar Offers Guidance on ICD-10 Preparation

Primary Care Team Roles Can Enhance Patient Care

Proposed Rule Chips Away at Medicare Regulations

HHS Rolls Out HIPAA Omnibus Rule

EHR Adoption Rate Among FPs Continues to Climb

CMS Adds 106 New ACOs to Programs

White Paper Pursues Strategies to Overcome EHR Pitfalls

Webinar Offers Primer on PCMH Basics

Primary Care, PCMH Future of Health Care

Free Webinar Sorts Out Medicare Fee Schedule Details

HHS Should Delay, Rein in Meaningful Use Requirements

FP Steps Up During Hurricane Sandy

Physicians Without eRx Exemption Face Penalty

Organization Lists Top Five Physicians' Issues for 2013

Physician Groups Advocate Halting ICD-10 Implementation

Primer on Payment Reform: Rewarding Value Over Volume