The Omnibus Rule amends HIPAA regulations in five key areas:
- Introduction of the final amendments as required under the Health Information Technology for Economic and Clinical Health (HITECH) Act.
- Incorporation of the increased, tiered civil money penalty structure as required by HITECH.
- Introduced changes to the harm threshold and included the final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act.
- Modification of HIPAA to include the provisions made by the Genetic Information Nondiscrimination Act (GINA) to prohibit the disclosure of genetic information for underwriting purposes.
- Prevented the use of ePHI and personal identifiers for marketing purposes.
Definition changes were also made to the term Business Associate, the term Workforce was amended to include employees, volunteers and trainees, and what material is now classified as Protected Health Information.