Skip to main content

OMB Extends Review Period for HIPAA/HITECH Omnibus Rule

Written by: Dianne Bourque and Stephanie Willis

The Office of Management and Budget (OMB) announced on Friday, June 22, 2012, that it has extended the review period for the highly-anticipated omnibus rule intended to update key definitions and enforcement provisions relating to the implementation of  the Health Insurance Portability and Accountability Act (HIPAA).  As we noted in a previous post, the rule was originally submitted to OMB in late March.

The extension of the review period lends more credence to the rumors stemming from a recent statement made by Dr. Farzad Mostashari, National Coordinator at the Office of the National Coordinator for Health Information Technology, that the rule would be published by the end of the summer.  Mostashari’s comments have already confirmed that the final rule will extend liability under HIPAA to business associates and subcontractors, but the industry is waiting with bated breath for the final rule to provide more certainty about the future of the remaining provisions on privacy and security enforcement.  Mintz Levin is actively monitoring this issue, so please check back for further updates.

Originally posted at


Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.