Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule.
The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for Electronic and Clinical Health Act (“HITECH”) published in a proposed rule on July 14, 2010; the interim final enforcement rule—including HITECH’s new, tiered penalty structure—published on October 30, 2009; and the interim final breach notification rule published pursuant to HITECH on August 24, 2009 (collectively, “Proposed Rules”) and compares them to the same regulatory provisions published on January 17, 2013 as part of the Omnibus Rule (“Final Rule”). Note that this summary does not include revisions under the Genetic Information Nondiscrimination Act (GINA), also published in the Final Rule.
For quick reference, our chart indicates whether or not there were changes between the Proposed Rules and the Final Rule and includes commentary on certain notable provisions.
We hope that this summary will serve as a useful tool as we all begin the process of understanding new requirements under HIPAA.