Highlights of the Final Omnibus HIPAA Rule

This analytical brief, compiled by Health Information and the Law, a Legal Barriers project supported by the Robert Wood Johnson Foundation, details changes to the federal rule implementing modifications to the Health Insurance Portability and Accountability Act (HIPAA).

Released on January 17, 2013 by the U.S. Department of Health and Human Services, the final rule strengthens the privacy and security requirements related to the use and disclosure of patient health information, including new enforcement protocols and increased penalties. Additionally, it recognizes the broadening scope of health information exchange in a digital age by expanding the types of organizations responsible for keeping patient health information private and secure.

Key changes put in place by the final rule include:

  • Increased penalties for violations and a modified structure for assessing culpability;
  • Protection for genetic information, such as tests for inherited diseases; and
  • Expanded rights for patients, including access to their electronic information and a right to restrict its release to payers for services paid for out of pocket by the patient.