The U.S. Department of Health and Human Services (“HHS”) recently issued its long awaited updates to the Health Insurance Portability and Accountability Act (“HIPAA”). The HIPAA Omnibus Rule, which took effect March 23, 2013, significantly expands the reach of HIPAA outside the health care industry and ups the stakes for noncompliance. The article will address the main components of the Omnibus Rule and how they apply outside the health care industry.
The original HIPAA privacy rules were issued in 1999 and were effective April 14, 2003. The privacy regulations addressed protected health information (“PHI”), that is, individually identifiable health information that related to an individual’s past, present, and future medical care and treatment or payment for that care and treatment. The privacy regulations established new limits on use and disclosure of information, and created new individual rights regarding PHI. The security regulations soon followed in 2004, and governed electronic PHI...
Please see full publication below for more information.