HIPAA Omnibus Rule Strengthens Data Privacy Laws

The HIPAA Omnibus Rule was made effective on September 23, 2013, as part of an effort to expand the reach of HIPAA privacy laws. Thanks to the creation of this rule, the Office of Civil Rights was empowered to enforce rules and levy fines in a way that it previously had not been able to do under the original HIPAA laws.

Although the Omnibus Rule sounds like it would be a single rule, it actually is made up of a combination of four interrelated final rules.

Final Rule Requirements

To make up the HIPAA Omnibus Final Rule requirements, the following needed to occur:

  • Adjustments were made to the HIPAA Privacy Rule and HIPAA Security Rule.
  • An increased and tiered fine structure was developed in alignment with the HITECH Act as part of the HIPAA Enforcement Rule.
  • Changes to breach notification regulations and procedures were made. Again, this was in accordance with the HITECH Act.
  • The Genetic Information Nondiscrimination Act (GINA) that prohibits health plans from disclosing genetic information for underwriting-related purposes was incorporated into the HIPAA Privacy Rule.

If you or your organization handle protected health information, it is vital that you have a solid understanding of the HIPAA Omnibus Rule, so you can ensure that your organization and its employees stay compliant with it. Organizations that do not take HIPAA privacy laws seriously run the risk of civil—and perhaps even criminal—penalties.

Many organizations find a HIPAA Omnibus Rule checklist beneficial to better understand the details of the rule.

Significant Changes

The Omnibus rule brought with it a handful of especially significant changes that healthcare providers and business partners need to keep in mind. Some of them include:

  • "Electronic storage material" was redefined as "electronic media." The purpose of this change was to make the definition more inclusive of future technology advancements in how digital information is stored. For example, this new definition covers computer hard drives, digital memory cards, optical disks, and cloud storage solutions.
  • The Omnibus Rule also somewhat redefined the definition for protected health information (PHI). Thanks to the Omnibus Rule, preference is given to state laws or guidelines from other entities that have restrictions and safeguards in place that provide even greater protection than the Privacy Rule. In a nutshell, this means if your state has guidelines that are more expansive than federal guidelines, you must adhere to those state rules.
  • The Omnibus Rule also provided new guidelines for how healthcare providers interact with their business associates. The definition of a business associate was expanded to include subcontractors who work with health information organizations as well as any other group that transmits PHI. Perhaps the most important thing for these groups to understand is that they are liable for how they handle HIPAA compliance rules.

What Else You Need to Know? 

It is virtually impossible for any single person to be able to stay on top of HIPAA privacy laws and HIPAA Omnibus Final Rule requirements all by yourself. Even if you have a HIPAA Omnibus Rule checklist, there is simply too much information for a single individual to understand and implement.

Likewise, if you want to ensure that UCaaS, CCaaS, and VoIP providers' services and solutions align with these rules and regulations on your own, you'll go down a rabbit hole from which you likely would never escape. The good news is that you don't need to do that. Thanks to the solutions offered by 8x8, you can rest easy knowing that not only is there someone who has your back—there is a whole organization that specializes in secure business communication.

What's Next?

Keeping up on HIPAA privacy laws was difficult enough before the HIPAA Omnibus Rule was established in 2013. Since that time, the importance of understanding and abiding by HIPAA laws has only become more important. You owe it to your organization—as well as your patients—to ensure the data you transmit is secure. Failing to do so could lead to serious civil—or even criminal—penalties.

When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out our online form to request a no-obligation quote from an 8x8 Product Specialist.

  • Request a

    or call 1-866-835-2979