New HIPAA/HITECH act omnibus rule: What must be done to comply?

Health care professionals and others working with personal medical information face considerable compliance risks and responsibilities under the omnibus final rule governing “protected health information” (PHI) that the Department of Health and Human Services issued in January 2013 (the Final Rule). The Final Rule sets standards and authorizes substantially increased penalties for violations of HHS’ regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act. Particularly in light of those increased penalties, HIPAA covered entities (health plans, health care clearinghouses, and most health care providers) and their “business associates” — which are now directly subject to HHS regulations — should be actively reviewing their new responsibilities under the Final Rule.