Regulatory Compliance – Understanding the HIPAA Omnibus Rule


The Health Information Technology for Economic and Clinical Health Act (HITECH Act) made some important changes to the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA's Privacy Rule sets standards for the use and disclosure of protected health information (PHI); the Security Rule requires the protection of electronic PHI. The most noteworthy development in privacy and security policy is the requirement that HIPAA covered entities, along with health care professionals, notify individuals when their unsecured PHI has been lost.

In 2013, the Department of Health and Human Services (HHS) published the HIPAA Omnibus Rule, which put in place the final regulations modifying the HIPAA privacy, security and enforcement rules to implement various provisions of the HITECH Act. The regulations require changes in many areas of operations, including HIPAA breach notification, security, health products, marketing and fundraising, to name a few. Many of these changes will require considerable effort to implement. The most notable changes for medical offices concern individual rights under HIPAA, so the necessary changes to policies and procedures will have to be reflected in the notice of privacy practices (NPP).

Penalties for Safety Violations

HIPAA-covered providers need to update their policies and procedures or face stiff penalties. HIPAA-covered entities that issue NPPs must update them to reflect the changes in individual rights; violations are subject to enforcement that may include fines of up to $50,000 per day.

  1. A new four-tier penalty structure with increased minimum and maximum fines has replaced the previous enforcement rules; fines for willful neglect are now mandatory, starting at $10,000.
  2. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000, which can reach $1,500,000 for certain violations.
  3. For a violation due to reasonable cause and not to willful neglect, a penalty of not less than $1,000 and not more than $50,000 for each violation applies.

How to Be Compliant Under the New Rules

HIPAA-covered entities and business associates need to update their business associate agreements and notices of privacy practices. Business associates must comply with the Security Rule with respect to electronic PHI, and they must also report breaches of unsecured PHI to the covered entities they serve. Business associates must ensure that any subcontractors who create or receive PHI on their behalf agree to the same conditions that apply to business associates for such information.

In addition, physicians need to diligently review and update their HIPAA policies and procedures, particularly those covering privacy breaches and breach reporting. Business associates must meet the Security Rule's requirements for electronic PHI. For notices of privacy practices, the HIPAA Omnibus Rule requires a statement that authorization is required for the use and disclosure of PHI for marketing and for the sale of PHI. Since these are significant changes under the revised HIPAA regulations, the revised NPP must be distributed to all new patients, made available to current patients on request, and also posted on the office website and displayed in the office.
