Practice Areas

Final Notice: Covered Entities and Business Associates Must be in Compliance with the HIPAA Omnibus Rule by September 23, 2013

September 2013
Nicole Radziewicz, Esquire

The Department of Health and Human Services (HHS) has issued its final omnibus rule implementing a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, with the stated purpose of strengthening the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

The omnibus rule effectuates the most sweeping changes to HIPAA since its enactment in 1996. According to HHS Office for Civil Rights Director Leon Rodriguez: “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

Under the omnibus rule, among other requirements, covered entities must update certain written policies by September 23, 2013, including Notice of Privacy Practices provided to clients. Additionally, covered entities are responsible for revising all of their Business Associate agreements to reflect statutory changes, and new policies must be implemented regarding breach notification procedures. If you have not taken steps to comport with the omnibus rule, you must take action now. 

For more information on HIPAA compliance or the HITECH Act, please contact Nicole Radziewicz, Esquire at 717-231-6623 or at or Allen Warshaw, Esquire at 717-237-6768 or For more information on Rhoads & Sinon, please visit