September 4, 2013
On Jan. 17, 2013, the federal government released the HITECH Act Omnibus Final Rule, which clarified and expanded the HIPAA compliance obligations of covered entities and their business associates. Among other changes, the Omnibus Final Rule created a new breach standard, clarified the definition of a business associate, and implemented the increased liability and penalty structure mandated by the HITECH Act. Except with respect to certain grandfathered business associate agreements, covered entities, business associates and downstream subcontractors must achieve compliance with the changes under the Omnibus Final Rule by Sept. 23, 2013. Coming into compliance with the Omnibus Final Rule will involve updates to internal policies and procedures, notices of privacy practices, and business associate agreements.