The HIPAA Omnibus Rule

We’re ten steps ahead on health care privacy issues, helping clients confront new and changing regulatory challenges with confidence and minimal hassle.

Our approach

Revisions to the Health Insurance Portability and Accountability Act (HIPAA), known as the HIPAA Omnibus Rule, rocked the health care industry. The broad changes, including new breach notification standards, have even impacted business associates of health care providers, new entities that never previously had to consider issues of patient privacy. We’re also seeing increased enforcement activity and penalties for noncompliance.

We understand the demands of the health care industry and work to take the headache out of HIPAA compliance. Our counsel, strategies and resources are well-honed after guiding an extraordinary number of clients through these complex requirements. The HIPAA Omnibus Rule is a familiar challenge for some and a brand new concern for many others. We work with everyone affected, providing an easy, effective and resource-sensitive path toward compliance.

Download our Compliance Checklist for step-by-step guidance. You’ll find individual road maps for covered entities, business associates and health plans. And you can review our HIPAA Omnibus FAQs for answers to some common questions concerning the new and modified privacy and security standards.

Who we work with

  • Health care providers, pharmacies, laboratories and others who collect, transmit, store or have access to protected health information
  • Business associates, including data storage companies, cloud vendors, EMR providers, software vendors, collection agencies and billing services (and their subcontractors)
  • Companies with self-insured health plans
  • Health information exchange organizations (HIEs), regional health information organizations (RHIOs), e-prescribing gateways and personal health record (PHR) vendors
  • Patient safety organizations
  • Law firms, law enforcement agencies, accounting firms and other professional advisors working with sensitive client information
  • Companies at any stage of responding to privacy complaints or the theft or loss of data, whether intentional or accidental, including victims of hacking, disgruntled or negligent employees and natural disasters


  • Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law
  • The Rhode Island Department of Health Founder’s Award, the Rhode Island Attorney General Justice Award and the Rhode Island Department of Health Award for Excellence in Public Health Promotion

Recent experience

  • Assisting covered entities in updating their HIPAA compliance programs to comply with the HIPAA Omnibus rule
  • Creating and implementing new compliance programs for business associates, including law firms, software vendors, storage companies and billing companies
  • Updating existing breach notification compliance programs and implementing new programs for businesses who’ve never had them before
  • Conducting extensive employee training initiatives in identifying and protecting high-risk data

HIPAA spotlight: key stats from a banner year

Law360 | January 17, 2017

This article recaps HIPAA stats and highlights from the past year. Chicago health care partner Valerie Montague is quoted throughout discussing privacy breaches and how health care organizations react.

Back to top