HIPAA and HITECH Privacy and Security Rule Update: Final Omnibus Rule

The Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) published today the much anticipated final omnibus rule implementing the Health Information Technology for Economic and Clinical Health Act (“HITECH”) under HIPAA. The final HITECH rule modifies the Privacy Rule, Security Rule, Breach Notification Rule, Genetic Information Nondiscrimination Act of 2008 (“GINA”) Rule, and the Enforcement Rule (collectively referred to as the HIPAA Rules) for covered entities and the business associates handling protected health information (“PHI”) on their behalf.

We are providing some action items, followed by a brief summary of a few of the major features of the final HITECH rules (the “Final Rule”). We are also providing links to the Final Rule as published in the Federal Register and a redline showing the changes to the existing regulations.