The HIPAA Omnibus Rule of 2013 was promulgated to make changes into the existing HIPAA of 1996. These are considered the most far-reaching changes into the legislation since its birth.
The HIPAA Omnibus Rule was made to introduce modifications into the existing Health Insurance Portability and Accountability Act, 1996. These modifications were introduced by the Office of Civil Rights (OCR), which comes under the US Department of Health and Human Services (HHS).
What is the nature of these changes?
The HIPAA Omnibus Rule has made very comprehensive changes into the way the whole rule works. It ties all loose ends of the earlier legislation by strengthening the protection of the most important aspect of individuals' personal health information (PHI): security and privacy. In fact, all the proposed amendments to the HIPAA Privacy Rule stem from this aspect.
Prominent changes the HIPAA Omnibus Rule introduces
The core working of the electronic health record (EHR) has been updated in tune with the OCR's short and long term strategies for ensuring both privacy of data and enforcement of security, bringing it on par with the requirements set out originally by the HITECH Act
- The earlier Breach Notification Rule for Unsecured Protected Health Information has been amended. More objective standards are now in place to assess a health care provider's liability from a breach of data at the provider's end
- As a result of the HIPAA Omnibus Rule of 2013, all holders of information -Business Associates and Covered Entities, as well as their subcontractors of business associates, are subject to more stringent compliance requirements
- It drastically raises penalties for noncompliance, which will be graded on levels of negligence. The highest penalty for a violation has been pegged at $1.5 million
- It empowers patients who pay cash with the right, to restrain their provider from sharing information with anyone regarding both the treatment they are undergoing, as well as the health plan they are under
- There are now new limits as to the way marketing and fundraising organizations use and disclose patient information. Patients who authorize use of their personal information for research have to go through a new, more streamlined process
- Sharing proof of immunization of a child with school authorities is made a lot simpler for parents or guardians
- Privacy protections into HIPAA Privacy Rule relating to genetic information have been greatly enhanced
- An individuals' health information cannot be sold without permission. Likewise, patients can now ask for a copy of their EHR in electronic format.
From when are these changes effective?
These changes suggested in the HIPAA Omnibus Rule are effective from September 23, 2013.
Click Here to Explore More