Section






[Code of Federal Regulations]

[Title 45, Volume 1]

[Revised as of October 1, 2006]

From the U.S. Government Printing Office via GPO Access

[CITE: 45CFR164.500]



[Page 751]

 

                        TITLE 45--PUBLIC WELFARE

 

                    SUBTITLE A--DEPARTMENT OF HEALTH

                           AND HUMAN SERVICES

 

PART 164_SECURITY AND PRIVACY--Table of Contents

 

    Subpart E_Privacy of Individually Identifiable Health Information

 

Sec.  164.500  Applicability.



    Authority: 42 U.S.C. 1320d-2 and 1320d-4, sec. 264 of Pub. L. 104-

191, 110 Stat. 2033-2034 (42 U.S.C. 1320d-2(note)).





    (a) Except as otherwise provided herein, the standards, 

requirements, and implementation specifications of this subpart apply to 

covered entities with respect to protected health information.

    (b) Health care clearinghouses must comply with the standards, 

requirements, and implementation specifications as follows:

    (1) When a health care clearinghouse creates or receives protected 

health information as a business associate of another covered entity, 

the clearinghouse must comply with:

    (i) Section 164.500 relating to applicability;

    (ii) Section 164.501 relating to definitions;

    (iii) Section 164.502 relating to uses and disclosures of protected 

health information, except that a clearinghouse is prohibited from using 

or disclosing protected health information other than as permitted in 

the business associate contract under which it created or received the 

protected health information;

    (iv) Section 164.504 relating to the organizational requirements for 

covered entities;

    (v) Section 164.512 relating to uses and disclosures for which 

individual authorization or an opportunity to agree or object is not 

required, except that a clearinghouse is prohibited from using or 

disclosing protected health information other than as permitted in the 

business associate contract under which it created or received the 

protected health information;

    (vi) Section 164.532 relating to transition requirements; and

    (vii) Section 164.534 relating to compliance dates for initial 

implementation of the privacy standards.

    (2) When a health care clearinghouse creates or receives protected 

health information other than as a business associate of a covered 

entity, the clearinghouse must comply with all of the standards, 

requirements, and implementation specifications of this subpart.

    (c) The standards, requirements, and implementation specifications 

of this subpart do not apply to the Department of Defense or to any 

other federal agency, or non-governmental organization acting on its 

behalf, when providing health care to overseas foreign national 

beneficiaries.



[65 FR 82802, Dec. 28, 2000, as amended at 67 FR 53266, Aug. 14, 2002; 

68 FR 8381, Feb. 20, 2003]