The Impact of the 2013 HIPAA Omnibus Rule on Law Firms

The 2013 HIPAA Omnibus Rule has raised the stakes for any law firm that provides services to the healthcare industry. Under the new regulations, law firms that interact with protected health information (PHI) are directly liable for compliance with the entire HIPAA Security Rule and select provisions of the Privacy Rule, including the requirement that uses and disclosures of PHI must be limited to the “minimum necessary” to accomplish an intended purpose.