Proposed Standards for Privacy of Individually Identifiable Health Information. Scope


a. Entities covered by the proposed rule

  • Health care providers who transmit health information electronically
  • Health plans
  • Health care clearinghouses

b. Health information covered by the proposed rule (“Protected health information”)

  • Protection would start when information becomes electronic, and would stay with the information as long as the information is in the hands of a covered entity.
    • Information becomes electronic either by being sent electronically as one of the specified Administrative Simplification transactions or by being maintained in a computer system.
    • The paper progeny of electronic information is covered; the information would not lose its protections simply because it is printed out of the computer.
    • HIPAA protects the information itself, not the record in which the information appears.
  • The information must be “identifiable.” If the information has any components that could be used to identify the subject, it would be covered.