March 2, 2013
(This post is the second in a series of six that will examine the federal “Omnibus” HIPAA Rule, released January 18, and effective March 26. All covered entities and business associates must be in compliance by September 23, 2013.)
In Part 1 of this series, I provided a context for understanding the reasons for yet another HIPAA rule, particularly one that is prefaced with the word “omnibus.” I also offered my analysis of the far-reaching themes running through the Department of Health and Human Services ‘ new Rule. These can be boiled down to five words: expanded impact; expanded HHS powers.
Following is an Omnibus HIPAA summary and a list of the major changes presented in the new rule. In the posts to come, I will be digging into each of these, including discussing some real-world implications for covered entities, particularly healthcare providers and their business associates.
In Part 3, I attempt to weed through the convoluted new requirements surrounding business associates and their sub-contractors. These new provisions are not just complex; they presage perhaps the greatest amount of work that covered entities will have to do between now and the compliance deadline of September 23, 2013.