eHealth

The HIPAA Omnibus Rule

onlinetech
onlinetech
3 Min Read

The HIPAA omnibus rule, which extends the reach of liability to include business associates and subcontractors, should be out by the end of summer, according to Farzad Mostashari, the national coordinator for health information technology.

Submitted in March, the Office of Management and Budget will have up to 90 days to review the rule. HealthDataManagement.com reports Mostashari made the announcement during the opening keynote of the Health Privacy Summit in Washington, D.C.

The HIPAA omnibus rule, which extends the reach of liability to include business associates and subcontractors, should be out by the end of summer, according to Farzad Mostashari, the national coordinator for health information technology.

Submitted in March, the Office of Management and Budget will have up to 90 days to review the rule. HealthDataManagement.com reports Mostashari made the announcement during the opening keynote of the Health Privacy Summit in Washington, D.C.

More Read

Medical-Device-Marketing-Digital-Marketing-Healthcare-Marketing
How Does Your Medical Device (Digital) Marketing Support Your Sales Force?
How many self-employed research associates does it take to change a light bulb?
Digital Health’s Future Calls for New Regulatory Vision
What do ACO-Minded Providers Want?
How Could AI Help Your Practice Evolve?

When it comes to specific technology and HIPAA hosting requirements, the rule requires:

  1. Information system activity review – organizations must implement procedures to regularly review records of system activity, such as audit logs, access reports and security incident tracking reports. Log monitoring is a service that can address this requirement.
  2. Security reminders – take note of periodic security updates and implement them.
  3. Protection from malicious software – implement procedures for guarding against, detecting and reporting malicious software.
  4. Login monitoring – establish procedures for monitoring login attempts and reporting discrepancies. Multi-factor authentication, or two-factor authentication, is a low-cost and easy way to implement an additional security measure and method of verifying authorized access.
  5. Password management – document procedures for creating, changing and safeguarding passwords.

To ensure any lost or stolen data is recoverable and integrity is intact, the rule also requires:

  1. Data backup plan – establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information (ePHI).
  2. Disaster recovery plan- establish (and implement as needed) procedures to restore any loss of data. [Read more about IT disaster recovery solutions].

According to Lexology.com, overall, the omnibus rule will propose changes to:

  • The Breach Notification Rule.
  • The HIPAA Enforcement Rule, implementing changes mandated by the HITECH Act.
  • The Privacy and Security Rules, implementing changes mandated by the HITECH Act, as well as other changes to the Privacy Rule proposed in July 2010.
  • The Privacy Rule, implementing changes required by the Genetic Information Nondiscrimination Act.

Do and be able to prove your due diligence as a covered entity. Find out the Top 5 Questions to Ask Your HIPAA Hosting Provider and read our HIPAA white paper for a deeper dive into staying compliant and working with business associates.

References:
HIPAA/HITECH Act Privacy Rule Coming in July 2012?
Mostashari: HIPAA Rules Out by Summer’s End

TAGGED:
Share This Article

Stay Connected

Latest News

fight againt cancer
Breakthroughs in RNA Sequencing Provide New Insights in the Fight Against Cancer
Cancer News Specialties
aging in modern healthcare
Why Aging in Place Is Becoming a Cornerstone of Modern Healthcare
Global Healthcare Senior Care
Mental Health EHR
What Are the Core Features of a Mental Health EHR?
Mental Health Therapies
ADHD in adulthood
ADHD In Adulthood And Its Lasting Effects
Health

You Might also Like