Just when I thought I was catching up with HIPAA’s requirements and rules new information emerges. The office of Health and Human Resources (HHS) has released and update to their HIPAA Privacy and Security Rules. This new update is 563 pages long and shall be posted in the Federal Register around January 25, 2013. Effective date for these new rules is March 26, 2013 and compliance with the same shall be 180 days after the same has been posted. This new update is called the “omnibus” privacy and security rule because of its broad reach. The release updates earlier Health Insurance Portability and Accountability Act rules with more stringent privacy and security measures passed under the American Recovery and Reinvestment Act of 2009. HHS Secretary Kathleen Sebelius commented: “Much has changed in healthcare since HIPAA was enacted over fifteen years ago.” She also said that: “The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.” “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” said Leon Rodriguez, director of the Office for Civil Rights at HHS, also in the news release. The office is the lead privacy and security enforcement agency under HIPAA. “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a healthcare provider or one of their business associates,” Rodriguez said. However, our dilemma with this new set of rules is that healthcare professionals are now facing a war in two fronts: in one side we are been required to share data while in the other we have to protect or face ever more dangerous consequences. As I always said there are no longer yes or no answers but shades of gray with ever more increasing regulations and the need to understand and abide by them. I have not had time to read the 563 pages but I can warranty that this will require long hours of research and even more in updating all our training material and policies to reflect the new updates. So my recommendation to you is simple: 1. Make the time to read, understand and implement; or 2. Hire a “true” expert to assist you with the previous recommendations. DO NOT IGNORE THE INFORMATION, NOR CONTINUE BUSINESS AS USUAL!!