On Wednesday, National Coordinator for Health IT Farzad Mostashari said that the final HIPAA Omnibus Rule will be released by the end of this summer, Health Data Management reports.
Mostashari made the announcement during his keynote address at the Health Privacy Summit in Washington, D.C. (Goedert, Health Data Management, 6/6).
About the HIPAA Omnibus Rule
On March 24, HHS' Office for Civil Rights sent the final HIPAA Omnibus Rule to the Office of Management and Budget for review, one of the last steps required before the rule can be published in the Federal Register. OMB has a 90-day period to review the rule.
Susan McAndrew -- deputy director for health information privacy at OCR -- said the omnibus rule combines four separate rulemakings, which are:
- The changes to HIPAA privacy and security rules required under the HITECH Act;
- New data breach enforcement and penalty requirements;
- Final regulations related to the HITECH Act's breach notification rule; and
- Changes to HIPAA to incorporate the Genetic Information Nondiscrimination Act (iHealthBeat, 3/29).
Mostashari said the omnibus rule also will extend HIPAA requirements to business associates and subcontractors.
Additional Comments From Mostashari
During the summit, Mostashari said that the health care industry needs to better educate patients about their privacy rights. He said patients should know how their data are used and how to submit complaints about privacy violations.
Health care providers also should strive to better understand HIPAA privacy and security requirements, Mostashari said, adding that patients never should hear, "Sorry, I can't give you your health records because of HIPAA" (Health Data Management, 6/6).