HIPAA Omnibus Rule

Cloud Bytes

A detailed overview of the provisions of the HIPAA Omnibus Rule, which became effective March 26, 2013, with transition provisions extending through September 2014. Topics to be addressed will include the revised breach notification standard, patient access to information contained in an electronic health record, regulation of business associates and subcontractors, limitations on use/disclosure of PHI for marketing without authorization, prohibition on “sale” of PHI without authorization, research uses of data, patients’ right to restrict data sharing with payors, requirements to modify and redistribute notices of privacy practices, inclusion of limitations on use of genetic information for underwriting, clarification of the HHS Secretary’s role in enforcement, and imposition of civil money penalties (CMPs) and CMP liability for acts of agents.