Five Key Takeaways For Employers Confronting The Massive, Omnibus HIPAA/HITECH Final Rule

At approximately one-half the length of War and Peace, the recently published Omnibus Final Rule, (pdf) which modifies the HIPAA Privacy, Security and Enforcement Rules and implements the HIPAA Breach Notification Rule, can overwhelm in-house employment, benefits, and privacy counsel as well as human resources and benefits professionals trying to discern the Rule’s practical implications for employers who sponsor HIPAA-covered plans, which are “covered entities” under HIPAA. Like most HIPAA-related guidance, the Omnibus Final Rule tends to focus on health care providers, with only a small portion of the ample regulatory commentary aimed at the employer community. Moreover, a detailed reading of the Omnibus Final Rule reveals dozens of technical changes with little or no practical impact on employers and numerous granular modifications that may be relevant to employers, if at all, only with limited frequency. Continue reading this entry at Littler's Workplace Privacy Counsel, or see Littler's ASAP, What Do Employers Really Need to Know About the New HIPAA/HITECH Omnibus Final Rule?, by Philip Gordon.

Photo credit: peepo

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.