The HIPAA Final Rules announced with effect from 26th March 2012 comprises of four final rules. Hence it is being referred as the “Omnibus Final Rule”.
They are,
1.Final Modifications with improvements to the proposed rule of July 14, 2010 under HITECH Act. They are
a) Make Business Associates directly liable for compliance with relevant parts of the Privacy and Security rule
b)Strengthen the limitations on the use and disclosure of PHI for marketing
c) Expand individual’s right to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
d)Require modifications to and redistribution of a covered entity’s notice on privacy practices
e)Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools and to enable access to descendent information by family members or others
f) Adopt the additional HITECH Act enhancements to the enforcement rule not previously adopted in the October 30, 2009 interim final rule such as non compliance due to wilful neglect.
2. Final Rule adopting changes to HIPAA Enforcement rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act
3. Final rule on Breach Notification for Unsecured PHI
4.Final Rule modifying the HIPAA Privacy Rule as required by the Genetic Information Non Discrimination Act (GINA)
Naavi