Skip to main content

HIPAA Omnibus Rule Reference Chart

By Dianne J. Bourque, Kimberly J. Gold, Ellen L. Janos, Julie K. Lappas, James Sasso, and Stephanie D. Willis

Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule.

The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for Electronic and Clinical Health Act (“HITECH”) published in a proposed rule on July 14, 2010; the interim final enforcement rule—including HITECH’s new, tiered penalty structure—published on October 30, 2009; and the interim final breach notification rule published pursuant to HITECH on August 24, 2009 (collectively, “Proposed Rules”) and compares them to the same regulatory provisions published on January 17, 2013 as part of the Omnibus Rule (“Final Rule”). Note that this summary does not include revisions under the Genetic Information Nondiscrimination Act (GINA), also published in the Final Rule.

For quick reference, our chart indicates whether or not there were changes between the Proposed Rules and the Final Rule and includes commentary on certain notable provisions.

We hope that this summary will serve as a useful tool as we all begin the process of understanding new requirements under HIPAA.

» View the chart.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.