(HealthDay)—The final omnibus rule, which makes changes to the Health Insurance Portability and Accountability Act (HIPAA) of 1996, goes into effect March 26, and physicians must be in compliance by Sept. 23.
The rule finalizes statutory changes in a section of the American Recovery and Reinvestment Act of 2009 as well as changes required by the Genetic Information Nondiscrimination Act of 2008. The final rule expands privacy requirements and security rules to business associates and subcontractors of physicians; establishes limitations on the use of personal health data for marketing and fundraising; prevents sale of patients' health information without specific authorization; extends the rights of patients to request and receive electronic copies of their medical records; and increases the patient's ability to limit disclosure of their health information to insurance plans.
The final omnibus rule is effective March 26. Physicians and other covered entities are expected to comply by Sept. 23. To ensure their practices are in compliance by the September deadline, physicians are encouraged to review their current policies and procedures with regard to HIPAA and patient health data.
"This final rule is needed to strengthen the privacy and security protections established under HIPAA for individual's health information maintained in electronic health records and other formats," according to the Jan. 25 Federal Register published by the U.S. Department of Health and Human Services. "This final rule also makes changes to the HIPAA rules that are designed to increase flexibility for and decrease burden on the regulated entities, as well as to harmonize certain requirements with those under the Department's Human Subjects Protections regulations."