2013 HIPAA Omnibus Rule

—updated 1/4/2016

In 2013, the Department of Health and Human Services added new scope to HIPAA (the Health Insurance Portability and Accountability Act), which gives individuals new rights to their health information and strengthens the government’s ability to enforce the law. The changes provide consumers with increased protection and control of personal health information.  The 2013 HIPAA Omnibus Rule expands the federal rules in a few key ways:

  • It expands many of the requirements to business associates of these entities that receive protected health information, such as contractors and subcontractors.
  • Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.
  • It sets new limits on how information is used and disclosed for marketing and fundraising purposes and prohibits the sale of an individuals’ health information without their permission.

See Workforce magazine’s New Changes Made To HIPAA Privacy And Security Rules, which reflects draft language that became final and took effect in September 2013.


Read more: