By Christina Beach Thielst

First Posted at Christina’s Considerations on 3/11/2013

Christina Thielst, Host of Christina's Considerations

The 600ish pages of the HIPAA Final Omnibus Rule (published in January) affect nearly every aspect of patient privacy and data security and encompass the:

  • HIPAA Privacy, Security and Enforcement Rules
  • Breach Notification Rule
  • HITECH Act
  • Genetic Information Discrimination Act

idExperts boiled down the new rule in a new whitepaper that includes their recommendations for managing the risks. The most significant clarification is that patients now have the right to get electronic copies of all of their electronic medical records upon request. In addition, new categories of PHI may be used or disclosed for fundraising, allowing better-targeted efforts.

Covered entities will be required to change their notice of privacy practices to reflect these new rulings. They should also:

  • Conduct and document annual privacy and security risk assessments (the HVA of Emergency Management)
  • Identify, manage and document compliance of business associates and their downstream contractors
  • Define and document your method for security incident risk assessments, which determine whether an incident is a breach or not
  • Document your policies and processes for limiting access to patient information when a patient can restrict access
  • Encrypt PHI according to NIST specifications to take advantage of the safe-harbor provision regarding notifications in the event of a breach

Keep in mind, the compliance deadline is September 23rd and it will be here before you know it.
