Our colleagues at Epstein Becker Green have issued a client alert: "HIPAA Omnibus Rule’s Impact on Notices of Privacy Practices," by Patricia M. Wagner, Brandon C. Ge, and Alaap B. Shah.
Following is an excerpt:
This health reform alert summarizes the key changes to the Notice of Privacy Practices ("NPP") requirements in the revised Health Insurance Portability and Accountability Act ("HIPAA") regulations (the "Omnibus Rule") as well as what covered entities need to do to be compliant. Because many covered entities may have modified their NPPs based on the Notice of Proposed Rulemaking issued on July 14, 2010 ("NPRM"), this alert also details the similarities and differences between the NPRM and the Omnibus Rule related to NPPs. In addition, Table 1 of this alert provides a quick summary of the NPRM proposals adopted—or not adopted—by the Omnibus Rule.
As covered entities work toward compliance, they should keep in mind that the Omnibus Rule becomes effective on March 26, 2013, but the deadline for compliance is September 23, 2013.