The Department of Health and Human Services (HHS) on Thursday issued its much-anticipated final omnibus rule (pdf) governing privacy for health information. This extensive rule spanning more than 500 pages comprises four final privacy-related regulations. Among other significant changes, the rule modifies the privacy, security, and enforcement regulations implementing the Health Insurance Portability and Accountability Act (HIPAA) to incorporate amendments made by the Health Information Technology for Economic and Clinical Health (HITECH) Act that provided increased protections for an individual’s health information. The new rule also amends HIPAA to address new privacy protections granted under Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA), which prohibits most health plans from using or disclosing genetic information for underwriting purposes. In addition, the rule modifies the HIPAA Enforcement Rule to include the increased and tiered civil money penalty structure provided by the HITECH Act, and establishes final regulations for the HITECH Act’s Breach Notification for Unsecured Protected Health Information rule.
Littler will be providing an in-depth analysis of the new rule and how it will impact both employer sponsors of group health plans and health care providers.
Photo credit: istockphoto