HIPAA Regulations: Security and Privacy General Provisions: Applicability - § 164.104
As Contained in the HHS HIPAA Privacy and Security Rules
|
HHS Regulations as Amended January 2013 |
(a) Except as otherwise provided, the standards, requirements, and implementation specifications adopted under this part apply to the following entities:
(1) A health plan.
(2) A health care clearinghouse.
(3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter.
(b) Where provided, the standards, requirements, and implementation specifications adopted under this part apply to a business associate.
| HHS Description and Commentary from the January 2013 Amendments Security and Privacy General Provisions: Applicability |
This section sets out to whom Part 164 applies. We proposed to replace the existing paragraph (b) with an applicability statement for business associates, consistent with the provisions of the HITECH Act. Paragraph (b) makes clear that, where provided, the standards, requirements, and implementation specifications of the HIPAA Privacy, Security, and Breach Notification Rules apply to business associates. We also proposed to remove as unnecessary the existing language in § 164.104(b) regarding the obligation of a health care clearinghouse to comply with § 164.105 relating to organizational requirements of covered entities. This final rule adopts these changes as proposed.
| HHS Description Security and Privacy General Provisions: Applicability |
In the NPRM, we provided that except as otherwise provided, the provisions of this part apply to covered entities: health plans, health care clearinghouses, and health care providers who transmit health information in electronic form in connection with any transaction referred to in section 1173(a)(1) of the Act. The final rule adopts this language.