The HIPAA Omnibus Rule

Product Code: HOR

Availability: In stock

The HIPAA Omnibus Rule
A Compliance Guide for Covered Entities and Business Associates

Understand the HIPAA Omnibus Rule and what you must do to ensure compliance

The HIPAA Omnibus Rule: A Compliance Guide for Covered Entities and Business Associates explains in clear and concise language the recently published, nearly 600-page rule and preamble that revises the HIPAA Privacy, Security, Breach Notification, and Enforcement rules. This easy-to-read guide describes the revisions and offers advice for complying with new requirements and standards. Almost every covered entity and business associate will need to revise its policies and procedures because of the Omnibus Rule. This book is your first step on the path to compliance.


  • Information is presented in a user-friendly format that facilitates compliance with HIPAA Omnibus Rule requirements.
  • The author distills and summarizes the nearly 600-page Omnibus Rule and preamble published January 25, 2013, in the Federal Register.
  • Specific examples clarify how, when, and to whom various provisions of the Omnibus Rule apply.
  • The online appendix provides instantaneous access to the electronic Code of Federal Regulations.
  • The Omnibus Rule Compliance Tracker in the online appendix facilitates compliance planning and management.

Chapter 1: Compliance Strategies

Chapter 2: The Evolving Definition of PHI

     Genetic Information
     Long-deceased Individuals

Chapter 3: Business Associate Changes and Their Impact

     Expanded Definition of Business Associate
     New Business Associate Accountability and Liability

Chapter 4: Business Associate Contracts and Data Use Agreements

     Business Associate Contracts and Other Arrangements
     Data Use Agreements

Chapter 5: Enhanced Individual Rights

     PHI Disclosure Restrictions for Out-of-pocket Payments
     Individuals’ Requests for Copies of PHI

Chapter 6: Greater Protection for PHI

     Marketing and PHI
     Sale of PHI
     Fundraising and PHI
     Underwriting and PHI

Chapter 7: Facilitating PHI Use and Disclosure

     Research Authorization
     Decedents’ PHI Disclosed to Family and Others
     Immunization Status Disclosed to Schools

Chapter 8: Identifying Breaches

     Presumption of Breach
     Revised Risk Assessment
     Exceptions: Low-risk Situations
     Breach of Limited Data Sets

Chapter 9: Privacy Notice Impact

     Material Changes to the Privacy Notice
     Distribution of the Revised Privacy Notice

Chapter 10: Enforcement



     Business Associate Contract: Sample Provisions
     HIPAA/HITECH Act Administrative Simplification Penalties
     Law Finder
     Omnibus Rule Compliance Tracker

Bulk Orders

Bulk orders available. Call 800-650-6787 to learn more.

About the Authors

Kate Borten, president of The Marblehead Group in Marblehead, Mass., offers a unique blend of technical and management expertise, information security and privacy knowledge, and an insider’s understanding of the healthcare industry. Her company, founded in 1999, serves the full spectrum of covered entities and their business associates with respect to understanding privacy and security regulations, establishing and enhancing formal privacy and security programs, and assessing risk and regulatory compliance. Borten has more than 20 years of experience designing, implementing, and integrating healthcare information systems at world-renowned medical facilities, including Massachusetts General Hospital, where she was responsible for system development.

Published: May 2013