The Department of Health and Human Services (HHS) recently released the omnibus Health Insurance Portability and Accountability Act (HIPAA) final rule. In a press release, HHS cited enhancing patient privacy protections and patient rights to their health information as the primary reasons for the omnibus rule.
ASA is currently analyzing the entire 563-page rule. Some areas of preliminary interest include:
- Adoption of a default presumption that an impermissible use or disclosure is a data breach unless it can be determined through a risk assessment that there is a low probability that data may be compromised (under HITECH breach notification requirements).
- Implementation of the HIPAA language related to the expansion of privacy & security obligations to business associates.
- Strengthening of the government’s enforcement authority.
- Required updates to the notice of privacy practices.