On January 25, 2013 the U.S. Department of Health and Human Services (HHS) issued a Final Omnibus Rule (“Final Rule”) to modify and expand aspects of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement and Breach Notification for Unsecured Protected Health Information Rules.
The original HIPAA law, established over 15 years ago, aimed to provide consumers with greater access to health care insurance, protect patient privacy and secure health care data, and promote the standardization of health information collection and exchange. This new Final Rule seeks to implement changes that:
- strengthen HIPAA privacy and security protections
- reduce the burden on Covered Entities
- enforce requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act
- increase the workability and flexibility of the original law.
- August 21, 1996 - The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law.
- April 14, 2003 - Deadline for Covered Entities to comply with the Privacy Rule.
- October 16, 2003 - Deadline for Covered Entities to comply with the Transactions and Code Sets Rule.
- April 20, 2005 - Deadline for Covered Entities to comply with the Security Rule.
- July 30, 2004 - Deadline for applicable Covered Entities to obtain and use a National Employer Identifier (NEI).
- March 13, 2006 - The Enforcement Rule goes into effect.
- May 23, 2007 - Deadline for all health care providers who are HIPAA
Covered Entities to obtain and use a National Provider Identifier (NPI).
- February 17, 2009 - The American Recovery and Reinvestment Act of
2009 (ARRA) was signed into law. ARRA includes the Health Information
Technology for Economic and Clinical Health (HITECH) Act, which mandates
the US Department of Health and Human Services to develop new
regulations related to the HIPAA provisions.
- September 23, 2010 - The Interim Final Rule goes into effect
requiring Covered Entities to notify patients when a breach of their
unsecured, protected health information occurs.
- January 1, 2012 - Deadline to begin using the ASC X12 Version 5010
Transaction Standards October 1, 2013 - Transition to ICD-10 code sets
for medical diagnosis and inpatient procedures.
- January 17, 2013, the U.S. Department of Health and Human Services
(HHS) releases the Omnibus Final Rule, implementing the changes required
by the Health Information Technology for Economic and Clinical Health
(HITECH) Act of 2009.
- March 26, 2013 – The Omnibus Final Rule takes effect.
- September 23, 2013 – Covered Entities, Business Associates, and
subcontractors must be in compliance with most provisions under the
View information on enforcement
Omnibus Final Rule
Read the HHS Press Release
Read the Final Rule in the Federal Register
Key Components of the 2013 Final Omnibus Rule
Disclaimer: This information is general in scope and educational in nature. It is not intended as legal advice. If you require legal advice, contact an attorney.
The recommendations in this publication do not indicate an exclusive course of treatment or serve as a standard of medical care. Variations, taking into account individual circumstances, may be appropriate. This content is for informational purposes only. It is not intended to constitute financial or legal advice.
A financial advisor or attorney should be consulted if financial or legal advice is desired.