The New Omnibus Final Rule – Are You in Compliance?

A lot has changed in the health-insurance world in the last 15 years. That’s why the U.S. Department of Health and Human Services (HHS) established the Omnibus Final Rule. Announced on January 17, 2013, this new rule was designed to bring the Health Insurance Portability and Accountability Act (HIPAA) of 1996 into the 21st century.

As HHS Office for Civil Rights Director Leon Rodriguez says, “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented . . . These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections.”

Thanks to the Omnibus Final Rule, patients now have more control over their personal health information and their privacy is protected even more. The new rule increases penalties on business associates of health care providers, health plans, and other entities that do not comply with privacy and security rules. Penalties can now be as high as $1.5 million per violation!

The final omnibus rule also updates the Breach Notification requirements set by the Health Information Technology for Economic and Clinical Health (HITECH). The changes clarify the amount of time health care providers, health plans, and other entities have to report a breach of unsecured health information.

For employers that provide group healthcare plans, the final omnibus rule will require you to update and/or modify all policies, procedures and employee training related to the handling of protected health information. Employers will most likely be required by the new rule to provide more frequent security breach notifications. The new rule also addresses genetic discrimination. Employers will want to review health risk assessments to ensure they do not give incentives to employees to disclose genetic information.

The Omnibus Final Rule goes into effect March 26, 2013, and employers will be required to implement the changes by September 23, 2013.

As HHS Secretary Kathleen Sebelius told HHS, “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”

Need help assessing compliance? Let the experts at Lamb Financial Group help. We have offices in New York, New Jersey, and Pennsylvania, but we have clients all over the United States.



Image via Benefits & Incentives Group

Tags: , , ,

Leave a Reply