To keep pace with the demands of our digital age, the U.S. Department of Health and Human Services (HHS) issued the final HIPAA omnibus rule in January 2013.

According to HHS, the final omnibus rule was created to better protect individuals’ health information by improving the privacy and security standards of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In its official press release, HHS said that “The final omnibus rule enhances patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.”

Understanding the omnibus rule’s new set of standards is a crucial step toward HIPAA compliance. One of the added standards holds business associates and subcontractors that receive protected health information (PHI) from covered entities responsible for several of the HIPAA requirements. This means business associates must report breaches to the Office for Civil Rights, much like a covered entity would.

The omnibus rule also applies penalties for noncompliance according to the level of negligence. Fines can be up to $1.5 million per calendar year but cannot exceed that amount in that year, whether it is a one-time penalty at that amount or multiple violations throughout the calendar year that add up to it. The rule also clearly defines breach reporting standards, which strengthens the breach notification requirements of the Health Information Technology for Economic and Clinical Health Act (HITECH).

What does this new ruling mean for patients?

Patients can now request copies of their electronic medical records, and those copies can be in electronic format. Individuals who pay cash can determine what information their provider may or may not share with their health plan. The rule also further protects patients by setting new limits on the use and disclosure of PHI for marketing and fundraising; patient health information cannot be sold without the patient’s permission. Another stipulation of the rule provides easier processes for individuals to formally allow researchers to use their private health information.

