The US Department of Health and Human Services (HHS) released its highly anticipated and long-awaited privacy rule yesterday.  The rule expanded liability of business associates of hospitals, physicians and other Health Insurance Portability and Accountability Act (HIPAA) covered entities if they release data in ways that violate patient privacy.  Called the “omnibus” privacy and security rule because of its broad reach, it updates earlier HIPAA rules with more stringent privacy and security measures passed under the American Recovery and Reinvestment Act of 2009.

Read Secretary Kathleen Sebelius’s news release here, or link to the 563 page rule in the Federal Register. 

Many of these changes will affect your current privacy and security policies and procedures. CRHC’s Senior Advisor, David Ginsberg, will be reviewing the changes and providing summaries. Stay posted for further updates and resources.

Questions? Contact: David Ginsberg, Senior Advisor, Colorado Rural Health Center