HIPAA Regulations: Security and Privacy General Provisions: Relationship to Other Parts - § 164.106
As Contained in the HHS HIPAA Privacy and Security Rules
|
HHS Regulations as Amended January 2013 |
In complying with the requirements of this part, covered entities and, where provided, business associates, are required to comply with the applicable provisions of parts 160 and 162 of this subchapter.
|
HHS Description and Commentary From the January 2013 Amendments |
The final rule adds a reference in this provision to business associates, consistent with their inclusion elsewhere throughout the other HIPAA Rules.
| HHS Description From the Original Rulemaking Security and Privacy General Provisions: Relationship to Other Parts |
The final rule adds a new provision stating that in complying with the requirements of this part, covered entities are required to comply with the applicable provisions of parts 160 and 162 of this subchapter. This language references Subchapter C in this regulation, Administrative Data Standards and Related Requirements; Part 160, General Administrative Requirements; and Part 162, Administrative Requirements. Part 160 includes requirements such as keeping records and submitting compliance reports to the Secretary and cooperating with the Secretary's complaint investigations and compliance reviews. Part 162 includes requirements such as requiring a covered entity that conducts an electronic transaction, adopted under this part, with another covered entity to conduct the transaction as a standard transaction as adopted by the Secretary.