Finally the Omnibus Rule that will address many of the HITECH Act revisions has been officially acknowledged as received by the Office of Regulatory Affairs at OMB starting the final review process before it is published. The Omnibus Rule was officially registered with OMB on Saturday March 24, 2012. The rule will cover many of the outstanding aspects of HITECH and include:

• Changes to the HIPAA Privacy and Security protections
• The Final Breach Notification Rule
• Enforcement and Compliance Interim Final Rule, and
• The proposed rule covering GINA

Accounting for Disclosures (AOD) will come out separately and is very close to being ready. Language that supports AOD can be found in the recently released NPRMs for Meaningful Use Stage 2 and Implementation Standards and Certification Criteria that are both out for public comment now. AOD is still expected to cover accounting for access to information related to Treatment, Payment and Operations and require and automated accounting. Several write ups of the NPRMs have already alluded that requirements in those rules are geared towards supporting automated auditing and the ability to produce an audit list, something that was very controversial when the AOD NPRM first came out last year.

Between the OCR Audit Program and the Omnibus Rule 2012 is shaping up to be a busy and exciting year for healthcare privacy and security.