HHS in its long-awaited privacy rule released today expanded liability of business associates of hospitals, physicians and other HIPAA-covered entities if they release data in ways that violate patient privacy.
Called the “omnibus” privacy and security rule because of its broad reach, it updates earlier Health Insurance Portability and Accountability Act rules with more stringent privacy and security measures passed under the American Recovery and Reinvestment Act of 2009.
“Much has changed in healthcare since HIPAA was enacted over fifteen years ago,” said HHS Secretary Kathleen Sebelius said in a news release coordinated with the posting of the 563-page rule in the Federal Register. “The new rule will help protect patient privacy and safeguard patients' health information in an ever-expanding digital age.”