[Code of Federal Regulations]
[Title 45, Volume 1]
[Revised as of October 1, 2001]
From the U.S. Government Printing Office via GPO Access
[CITE: 45CFR164.500]

[Page 684]
 
                        TITLE 45--PUBLIC WELFARE
 
                    SUBTITLE A--DEPARTMENT OF HEALTH
                           AND HUMAN SERVICES
 
PART 164--SECURITY AND PRIVACY--Table of Contents
 
   Subpart E--Privacy of Individually Identifiable Health Information
 
Sec. 164.500  Applicability.

    Authority: 42 U.S.C. 1320d-2 and 1320d-4, sec. 264 of 
Pub. L. 104-191, 110 Stat. 2033-2034 (42 U.S.C. 1320d-2(note)).


    (a) Except as otherwise provided herein, the standards, 
requirements, and implementation specifications of this subpart apply to 
covered entities with respect to protected health information.
    (b) Health care clearinghouses must comply with the standards, 
requirements, and implementation specifications as follows:
    (1) When a health care clearinghouse creates or receives protected 
health information as a business associate of another covered entity, 
the clearinghouse must comply with:
    (i) Section 164.500 relating to applicability;
    (ii) Section 164.501 relating to definitions;
    (iii) Section 164.502 relating to uses and disclosures of protected 
health information, except that a clearinghouse is prohibited from using 
or disclosing protected health information other than as permitted in 
the business associate contract under which it created or received the 
protected health information;
    (iv) Section 164.504 relating to the organizational requirements for 
covered entities, including the designation of health care components of 
a covered entity;
    (v) Section 164.512 relating to uses and disclosures for which 
consent, individual authorization or an opportunity to agree or object 
is not required, except that a clearinghouse is prohibited from using or 
disclosing protected health information other than as permitted in the 
business associate contract under which it created or received the 
protected health information;
    (vi) Section 164.532 relating to transition requirements; and
    (vii) Section 164.534 relating to compliance dates for initial 
implementation of the privacy standards.
    (2) When a health care clearinghouse creates or receives protected 
health information other than as a business associate of a covered 
entity, the clearinghouse must comply with all of the standards, 
requirements, and implementation specifications of this subpart.
    (c) The standards, requirements, and implementation specifications 
of this subpart do not apply to the Department of Defense or to any 
other federal agency, or non-governmental organization acting on its 
behalf, when providing health care to overseas foreign national 
beneficiaries.