On January 17, 2013, the Department of Health and Human Services (“DHHS”) published in the Federal Register the HITECH Omnibus Rule to implement the HIPAA changes specified in the HITECH Act. The Rule with its commentary is 563 pages, so it will take us a little while to digest it and inform you of its provisions in an understandable way. The Rule finalizes the modifications to the HIPAA Privacy, Security, and Enforcement Rules to implement many of the privacy, security, and enforcement provisions of the HITECH Act and to make other changes to the Rules; modifies the Breach Notification Rule; and finalizes the modifications to the HIPAA Privacy Rule to strengthen privacy protections for genetic information. Generally speaking, covered entities and business associates will have 180 days to comply with these new provisions.
Within the next week or two, we will post on this blog our analysis of the new Rule. Thereafter, we will publish the Supplement to The Compliance Guide to HIPAA and the DHHS Regulations (5th ed., 2011) to update it so that it will be totally accurate and up to date with regard to the new Rule. We will make the Supplement available to our Premium Members on our website for them to download. So if you have not yet subscribed to our Premium Membership or if you have not yet activated your membership, now would be the time. Contact us if you need help in that regard.