Safe & Sound with Marianne Kolbasuk McGee

HIPAA Omnibus Tops Event's Agenda

Conference Focuses on Health Data Security

The HIPAA Omnibus Rule has preoccupied many healthcare privacy and security officers in recent months.

See Also: New OnDemand | Reacting with Split-Second Agility to Prevent Software Supply Chain Breaches

The topic of HIPAA Omnibus compliance will in the spotlight at a security conference May 14-15 in Washington, D.C., jointly hosted by the Department of Health and Human Services' Office for Civil Rights and the National Institute of Standards and Technology. I'll be attending the event to provide coverage of the important issues discussed.

The omnibus rule was unveiled in January, went into effect on March 26 and has a compliance date of Sept. 23. Among other things, the rule includes new guidelines for assessing breach notification, makes business associates directly liable for HIPAA compliance and gives patients the right to obtain an electronic copy of their health records.

This annual security event, "Safeguarding Health Information: Building Assurance through HIPAA Security," will feature a keynote address by OCR Director Leon Rodriguez, who'll be discussing HIPAA and HITECH Act compliance. Rodriguez is the nation's lead HIPAA enforcer. Under HIPAA Omnibus, penalties for non-compliance increased to $1.5 million per violation, and OCR has indicated it will ramp up enforcement.

Other presentations will describe the new breach notification guidance in the HIPAA Omnibus Rule, plus the findings of OCR's pilot HIPAA compliance audit program. Experts from NIST will also be on hand to discuss topics ranging from cloud computing to cybersecurity threats.

But I'll be looking forward to learning from attendees as well as speakers. If you're attending this important event in Washington, I look forward to chatting with you about how your HIPAA Omnibus compliance work has been going so far and how you're addressing other privacy and security challenges.

For instance, what's confusing you most about HIPAA Omnibus? Do you have tips that might help others meet the challenge of implementing the rule's many new provisions?

If you're a business associate, you now for the first time have direct liability to comply with HIPAA. Are you making progress with modifications to your agreements with covered entities and your subcontractors?

The presentations at this important annual data security event should provide valuable insights to attendees regardless of whether they're on site or online. Webcast registration for the event ends on May 19.

Be sure to look for news updates and interviews from the event next week. And visit our new HIPAA Omnibus Resource Center to access a wealth of information about the rule.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.