HHS preparing to offer HIPAA omnibus guidance: Update
Author Name Patrick Ouellette | Date April 26, 2013
According to in-house HHS attorney Iliana Peters, the Department of Health and Human Services (HHS) will be offering additional guidance on the HIPAA omnibus rule. Rachel Seeger, Senior Health Information Privacy Outreach Specialist for the Office for Civil Rights (OCR), told HealthITSecurity.com in an email that she hopes this guidance is provided soon:
Before publishing the Omnibus Rule, HHS carried out an extensive process, incorporating input from a wide range of stakeholders. To clarify Ms. Peters’ comments, we will be issuing additional compliance guidance and technical assistance to covered entities and business associates that was not addressed in the preamble of the Omnibus Rule given space limitations. We hope to publish these materials on OCR’s website soon.
Peters had stopped short of going into specifics of that guidance, butHealthcareinfosecurity.com reports HHS is working to get guidance out quickly to covered entities, business associates and subcontractors.
It will be interesting to see the scope of what HHS offers these organizations that are trying to wrap their heads around the new HIPAA omnibus requirements. The most interesting quote from Peters was that the omnibus rule, which went into effect on March 26 and will become enforceable on Sept. 23, has was initially chopped down from an original, lengthier version. How will the new guidance expand upon security, privacy and breach notification language in the HIPAA omnibus rule?
Regardless of what HHS is able to provide these organizations, the fact that they were asking plenty of questions about guidance in the first place is noteworthy. There still seems to be confusion among some organization around their exact responsibilities and hopefully this new guidance can shore some of those questions up.