Proposed Standards for Privacy of Individually Identifiable Health Information. Scalability


We propose privacy standards that covered entities must meet, but leave the detailed policies and procedures for meeting these standards to the discretion of each covered entity.

  • We intend that implementation of these standards be flexible and scalable, to account for nature of each covered entity’s business, and the covered entity’s size and resources. We would require that each covered entity assess its own needs and implement privacy policies appropriate to its information practices and business requirements.
  • The preamble to the proposed rule will include examples of how implementation of these standards are scalable.