The passage of the HIPAA Omnibus Rule heralds a new era of accountability for organizations that fall under the category of ‘business associates’ to a healthcare provider. The new rule has made some sweeping changes to the penalty system applied to each HIPAA violation category.
HIPAA Omnibus Rule: Should your organization’s IT department fret over it? — Part II
In the first part of this 2-part blog, we saw the update about the HIPAA Omnibus Rule and the deadline for compliance (September 23rd). Now, let’s analyze the before and after of this new rule, and whether it really applies to you. (Check out the examples given for a better understanding.)

The Scene Before HIPAA Omnibus…

Before this law was enacted, it was the responsibility of healthcare providers (hospitals, clearinghouses, insurance companies, etc.) to report to HHS any breach of the protected health information (PHI) that they store. They also had to comply with the detailed HIPAA Privacy Rule and HIPAA Security Rule in order to show that the PHI had been properly safeguarded and had not been exposed or manipulated.