The Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act Omnibus Rule, published in the Federal Register Jan. 25, makes many changes to the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule, with substantial impact on employers. While these changes do not alter the fundamental structure of HIPAA compliance, employers still face a relatively lengthy "to do" list to comply with all of the new requirements. Perhaps, even more importantly, once the revised regulations go into effect, employers will confront much higher enforcement risk and significantly increased exposure to six- and seven-figure civil monetary penalties.

To learn more about the Omnibus Rule, please see Littler's ASAP, What Do Employers Really Need to Know About the New HIPAA/HITECH Omnibus Final Rule?, by Philip Gordon.