hipaa-privacy-rule
Installation
SKILL.md
HIPAA Privacy Rule — 45 CFR §164.500-534
Overview
The HIPAA Privacy Rule establishes national standards for the protection of individually identifiable health information — Protected Health Information (PHI) — held by covered entities and their business associates. Enacted under the Health Insurance Portability and Accountability Act of 1996 and finalized in the Privacy Rule of 2000 (with major modifications in 2002 and 2013 under HITECH/Omnibus), the rule balances patient privacy rights with the practical needs of healthcare delivery. The Privacy Rule applies to health plans, healthcare clearinghouses, and healthcare providers who transmit any health information electronically in connection with a HIPAA-covered transaction.
Covered Entities and Business Associates
Who Is a Covered Entity
Under 45 CFR §160.103, covered entities include:
| Entity Type | Definition | Examples |
|---|---|---|
| Healthcare Provider | Any provider who transmits health information electronically in connection with a covered transaction | Hospitals, physician practices, pharmacies, laboratories, dentists, chiropractors |
| Health Plan | Individual or group plan that provides or pays for medical care | Health insurers, HMOs, employer-sponsored health plans, government programs (Medicare, Medicaid, TRICARE) |
| Healthcare Clearinghouse | Entity that processes nonstandard health information into standard format | Billing services, repricing companies, community health management information systems |