{"description":"Documents matching 'hipaa privacy rule part subparts'","count":711,"total_pages":36,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=hipaa+privacy+rule+part+subparts&format=json&page=2","results":[{"title":"Tribal Consultation on Proposed Modifications to the HIPAA Privacy Rule","type":"Proposed Rule","abstract":"The U.S. Department of Health and Human Services will conduct a virtual Tribal consultation on the proposed rule \"Modifications to the HIPAA Privacy Rule to Support, and Remove Barriers to, Coordinated Care and Individual Engagement.\"","document_number":"2026-00561","html_url":"https://www.federalregister.gov/documents/2026/01/14/2026-00561/tribal-consultation-on-proposed-modifications-to-the-hipaa-privacy-rule","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-01-14/pdf/2026-00561.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-00561.pdf?1768252509","publication_date":"2026-01-14","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"administrative burdens on <span class=\"match\">HIPAA</span> covered health care providers and health plans, while continuing to protect individuals' health information <span class=\"match\">privacy</span> interests. \n Pursuant to Executive Order 13175 (65 FR 67249), Consultation and Coordination with Indian Tribal Governments, and the Department of Health and Human Services' Tribal Consultation Policy, the Office for Civil Rights solicits input from Tribal officials as the Department develops modifications to the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> at 45 CFR <span class=\"match\">part</span> 160 and <span class=\"match\">subparts</span> A and E of 45 CFR <span class=\"match\">part</span> 164. Among other topics"},{"title":"HIPAA Privacy Rule To Support Reproductive Health Care Privacy","type":"Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this final rule to modify the Standards for Privacy of Individually Identifiable Health Information (\"Privacy Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The Department is issuing this final rule after careful consideration of all public comments received in response to the notice of proposed rulemaking (NPRM) for the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (\"2023 Privacy Rule NPRM\") and public comments received on proposals to revise provisions of the HIPAA Privacy Rule in the NPRM for the Confidentiality of Substance Use Disorder (SUD) Patient Records (\"2022 Part 2 NPRM\").","document_number":"2024-08503","html_url":"https://www.federalregister.gov/documents/2024/04/26/2024-08503/hipaa-privacy-rule-to-support-reproductive-health-care-privacy","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-04-26/pdf/2024-08503.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-08503.pdf?1713816919","publication_date":"2024-04-26","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"determination was informed by our expertise in administering the <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>, questions we have received from members of the public and Congress, comments we received on the 2023 <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> to Support Reproductive Health Care <span class=\"match\">Privacy</span> notice of proposed rulemaking (NPRM) (“2023 <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> NPRM”),\n 15 \n \n and our analysis of the state of <span class=\"match\">privacy</span> for IIHI.\n \n \n \n 15 \n  88 FR 23506 (Apr. 17, 2023).\n \n \n This final <span class=\"match\">rule</span> (“2024 <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>”) amends provisions of the <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> to strengthen <span class=\"match\">privacy</span> protections for highly sensitive PHI about the reproductive"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"history of the Security <span class=\"match\">Rule</span>, \n see \n section II.B, “Regulatory History.”\n \n \n \n \n 3 \n  \n See also \n the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>, 45 CFR <span class=\"match\">part</span> 160 and <span class=\"match\">subparts</span> A and E of 45 CFR <span class=\"match\">part</span> 164; <span class=\"match\">HIPAA</span> Breach Notification <span class=\"match\">Rule</span>, 45 CFR <span class=\"match\">part</span> 164, <span class=\"match\">subpart</span> D; and the <span class=\"match\">HIPAA</span> Enforcement <span class=\"match\">Rule</span>, 45 CFR <span class=\"match\">part</span> 160, <span class=\"match\">subparts</span> C through E.\n \n \n \n \n 4 \n  45 CFR 160.103 (definition of “Protected health information”).\n \n \n \n \n 5 \n  45 CFR 160.103 (definition of “Individually identifiable health information”).\n \n \n \n \n 6 \n  At times throughout this NPRM, the Department uses the terms"},{"title":"Administrative Simplification; Adoption of Standards for Health Care Claims Attachments Transactions and Electronic Signatures","type":"Rule","abstract":"This final rule implements requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010, enacted on March 30, 2010--collectively, the Affordable Care Act. Specifically, this final rule adopts standards for health care claims attachments transactions, which will support health care claims transactions, and a standard for electronic signatures to be used in conjunction with health care claims attachments transactions.","document_number":"2026-05676","html_url":"https://www.federalregister.gov/documents/2026/03/24/2026-05676/administrative-simplification-adoption-of-standards-for-health-care-claims-attachments-transactions","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-03-24/pdf/2026-05676.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-05676.pdf?1774037709","publication_date":"2026-03-24","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"standard for retail pharmacy transactions, which were specified at 45 CFR <span class=\"match\">part</span> 162, <span class=\"match\">subparts</span> K through R. \n \n Since then, we have adopted several modifications to the <span class=\"match\">HIPAA</span> standards, including in the Health Insurance Reform: Modifications to the Health Insurance Portability and Accountability Act (<span class=\"match\">HIPAA</span>) Electronic Transaction Standards final <span class=\"match\">rule</span> (hereinafter referred to as the Modifications final <span class=\"match\">rule</span>) which appeared in the January 16, 2009 \n Federal Register \n (74 FR 3296). That <span class=\"match\">rule</span>, among other things, adopted updated versions of the standards, X12"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, as amended, the Department of Health and Human Services (HHS) is modifying an existing system of records maintained by the Centers for Medicare & Medicaid Services (CMS), titled \"Home Health Agency (HHA) Outcome and Assessment Information Set (OASIS),\" System No. 09-70-0522. This system of records covers information about patients receiving home health services from a Medicare and/or Medicaid approved HHA. Home health agencies required to comply with Medicare Conditions of Participation (CoP) are now mandated to collect OASIS on patients with any payer source, instead of just patients with Medicare/Medicaid pay sources. The amended System of Records Notice (SORN) includes other modifications which are explained in the Supplementary Information section, below.","document_number":"2025-13004","html_url":"https://www.federalregister.gov/documents/2025/07/11/2025-13004/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-11/pdf/2025-13004.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-13004.pdf?1752151518","publication_date":"2025-07-11","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"retention is authorized. \n ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: \n \n Safeguards conform to HHS Information Security and <span class=\"match\">Privacy</span> Program, \n https://www.hhs.gov/ocio/securityprivacy/index.html \n . The information is safeguarded in accordance with applicable laws, <span class=\"match\">rules</span>, and policies, including the HHS Policy for Information Security and <span class=\"match\">Privacy</span> Protection (IS2P); the CMS Information Systems Security and <span class=\"match\">Privacy</span> Policy (IS2P2); the E-Government Act of 2002, which includes FISMA, 44 U.S.C. 3541 through 3549, as amended by the Federal Information"},{"title":"Health Data, Technology, and Interoperability: Trusted Exchange Framework and Common Agreement (TEFCA)","type":"Rule","abstract":"This final rule has finalized certain proposals from a proposed rule published in August 2024 and in doing so advances interoperability and supports the access, exchange, and use of electronic health information. Specifically, this final rule amends the information blocking regulations by including definitions related to the Trusted Exchange Framework and Common Agreement (TEFCA) Manner Exception. It also implements provisions related to the TEFCA, which will support the reliability, privacy, security, and trust within TEFCA. Lastly, this final rule includes corrections and updates to current regulatory provisions of the Office of the National Coordinator for Health Information Technology (ONC) Health IT Certification Program.","document_number":"2024-29163","html_url":"https://www.federalregister.gov/documents/2024/12/16/2024-29163/health-data-technology-and-interoperability-trusted-exchange-framework-and-common-agreement-tefca","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-12-16/pdf/2024-29163.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-29163.pdf?1733924732","publication_date":"2024-12-16","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"DSI Criterion \n B. Correction—<span class=\"match\">Privacy</span> and Security Certification Framework \n IV. Information Blocking Enhancements—<span class=\"match\">Part</span> 171, <span class=\"match\">Subpart</span> D (TEFCA) \n A. Definitions \n \n B. TEFCA\n TM \n Manner Exception\n \n \n V. Trusted Exchange Framework and Common Agreement\n TM \n \n A. <span class=\"match\">Subpart</span> A—General Provisions \n B. <span class=\"match\">Subpart</span> B—Qualifications for Designation \n \n C. <span class=\"match\">Subpart</span> C—QHIN\n TM \n Onboarding and Designation Processes\n \n D. <span class=\"match\">Subpart</span> D—Suspension \n E. <span class=\"match\">Subpart</span> E—Termination \n F. <span class=\"match\">Subpart</span> F—Review of RCE® or ASTP/ONC Decisions \n \n G. <span class=\"match\">Subpart</span> G—QHIN\n TM \n Attestation for"},{"title":"Confidentiality of Substance Use Disorder (SUD) Patient Records","type":"Rule","abstract":"The United States Department of Health and Human Services (HHS or \"Department\") is issuing this final rule to modify its regulations to implement section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The Department is issuing this final rule after careful consideration of all public comments received in response to the notice of proposed rulemaking (NPRM) for the Confidentiality of Substance Use Disorder (SUD) Patient Records. This final rule also makes certain other modifications to increase alignment with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to improve workability and decrease burden on programs, covered entities, and business associates.","document_number":"2024-02544","html_url":"https://www.federalregister.gov/documents/2024/02/16/2024-02544/confidentiality-of-substance-use-disorder-sud-patient-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-16/pdf/2024-02544.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-02544.pdf?1707408916","publication_date":"2024-02-16","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Stat. 226 (Feb. 17, 2009).\n \n \n \n \n 5 \n  \n See \n the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>, 45 CFR parts 160 and 164, <span class=\"match\">subparts</span> A and E; the <span class=\"match\">HIPAA</span> Security <span class=\"match\">Rule</span>, 45 CFR parts 160 and 164, <span class=\"match\">subparts</span> A and C; the <span class=\"match\">HIPAA</span> Breach Notification <span class=\"match\">Rule</span>, 45 CFR <span class=\"match\">part</span> 164, <span class=\"match\">subpart</span> D; and the <span class=\"match\">HIPAA</span> Enforcement <span class=\"match\">Rule</span>, 45 CFR <span class=\"match\">part</span> 160, <span class=\"match\">subparts</span> C, D, and E. Breach notification requirements were added by the HITECH Act.\n \n \n \n \n 6 \n  PHI is individually identifiable health information maintained or transmitted by or on behalf of a <span class=\"match\">HIPAA</span> covered entity. \n See \n 45 CFR 160.103 (definitions"},{"title":"HIPAA Privacy Rule To Support Reproductive Health Care Privacy","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Standards for Privacy of Individually Identifiable Health Information (\"Privacy Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposal would modify existing standards permitting uses and disclosures of protected health information (PHI) by limiting uses and disclosures of PHI for certain purposes where the use or disclosure of information is about reproductive health care that is lawful under the circumstances in which such health care is provided. The proposal would modify existing standards by prohibiting uses and disclosures of PHI for criminal, civil, or administrative investigations or proceedings against individuals, covered entities or their business associates (collectively, \"regulated entities\"), or other persons for seeking, obtaining, providing, or facilitating reproductive health care that is lawful under the circumstances in which it is provided.","document_number":"2023-07517","html_url":"https://www.federalregister.gov/documents/2023/04/17/2023-07517/hipaa-privacy-rule-to-support-reproductive-health-care-privacy","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-04-17/pdf/2023-07517.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-07517.pdf?1681328717","publication_date":"2023-04-17","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"111-5, 123 Stat. 226 (Feb. 17, 2009) (codified at 42 U.S.C. 139w-4(0)(2)).\n \n \n \n \n 2 \n  45 CFR parts 160 and 164, <span class=\"match\">subparts</span> A and E. For a history of the <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>, \n see \n Section II.B.2., “Regulatory History,” below.\n \n \n \n \n 3 \n  \n See also \n the <span class=\"match\">HIPAA</span> Security <span class=\"match\">Rule</span>, 45 CFR parts 160 and 164, <span class=\"match\">subparts</span> A and C; the <span class=\"match\">HIPAA</span> Breach Notification <span class=\"match\">Rule</span>, 45 CFR <span class=\"match\">part</span> 164, <span class=\"match\">subpart</span> D; and the <span class=\"match\">HIPAA</span> Enforcement <span class=\"match\">Rule</span>, 45 CFR <span class=\"match\">part</span> 160, <span class=\"match\">subparts</span> C, D, and E.\n \n \n \n \n 4 \n  45 CFR 160.103 (definition of “Protected health information”).\n \n \n \n \n 5 \n  42 U.S.C"},{"title":"Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability Standards and Prior Authorization for Drugs for Medicare Advantage Organizations, Medicaid Managed Care Plans, State Medicaid Agencies, Children's Health Insurance Program (CHIP) Agencies and CHIP Managed Care Entities, and Issuers of Qualified Health Plans on the Federally-Facilitated Exchanges","type":"Proposed Rule","abstract":"These proposals are intended to improve the electronic exchange of health care data and streamline processes related to prior authorization by increasing the interoperability of systems used across the health care industry. We are proposing new requirements for Medicare Advantage (MA) organizations, state Medicaid fee-for-service (FFS) programs, state Children's Health Insurance Program (CHIP) FFS programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs), including issuers that offer small group market QHPs on the Federally-facilitated Small Business Health Options Program (FF- SHOP) Exchanges (hereinafter referred to as \"small group market QHP issuers on the FF-SHOPs\") (collectively \"impacted payers\"), to make available electronic prior authorization for drugs. We are also proposing to extend many existing interoperability requirements for the prior authorization of non-drug items and services to include prior authorizations for drugs to further reduce patient and provider burden. We are also proposing to require impacted payers to report their application programming interfaces (API) endpoints and related information for the Patient Access, Provider Directory, Provider Access, Payer-to-Payer, and Prior Authorization APIs to CMS. To help assess the impact of our policies, we are proposing to collect API usage metrics. In addition, we are proposing to apply the existing interoperability requirements to small group market QHP issuers on the FF-SHOPs as impacted payers. To improve impacted payers' ability to exchange health information while continuing CMS's drive toward interoperability, we are proposing to require certain Health Level Seven (HL7[supreg]) Fast Healthcare Interoperability Resources (FHIR[supreg]) implementation guides (IGs) that are currently recommended. In addition, HHS is proposing to adopt the HL7 FHIR base standard and certain associated specifications and IGs as the Health Insurance Portability and Accountability Act of 1996 (hereinafter referred to as \"HIPAA\") (Pub. L. 104-191, enacted Aug. 21, 1996) standards for dental, professional, and institutional \"referral certification and authorization\" transactions and \"eligibility for a health plan\" transactions associated with prior authorization. We are proposing to add a definition for \"failure to report,\" which would allow CMS to impose a civil monetary penalty (CMP) on applicable manufacturers or applicable group purchasing organizations (GPOs) if those entities fail to grant CMS timely access to documents for the purposes of an audit. Finally, ONC is using this rulemaking to propose to adopt updated versions of certain health information technology (health IT) standards and specifications for HHS use, such as CMS's interoperability requirements, to support a more robust health IT infrastructure.","document_number":"2026-07205","html_url":"https://www.federalregister.gov/documents/2026/04/14/2026-07205/medicare-and-medicaid-programs-patient-protection-and-affordable-care-act-interoperability-standards","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-14/pdf/2026-07205.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-07205.pdf?1775852111","publication_date":"2026-04-14","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"},{"raw_name":"Office of the Secretary"}],"excerpts":"attorney).\n 15 16 \n \n Under the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>, the individual's personal representative generally may exercise the right to access the individual's protected health information (PHI).\n \n \n \n 15 \n  \n See \n 45 CFR parts 160 and 164, <span class=\"match\">subparts</span> A and E.\n \n \n 16 \n  United States Department of Health and Human Services. (2020, January 31). Health Information and <span class=\"match\">Privacy</span>. Retrieved from \n https://www.hhs.gov/<span class=\"match\">hipaa</span>/for-professionals/faq/2069/under-<span class=\"match\">hipaa</span>-when-can-a-family-member/index.html \n and \n https://www.hhs.gov/<span class=\"match\">hipaa</span>/for-professionals/faq/persona"},{"title":"Reducing Bureaucracy and Burden for Human Services and Emergency Response Programs-Repatriation Program","type":"Rule","abstract":"This final rule amends the Care and Treatment of Mentally Ill Nationals of the United States, Returned from Foreign Countries regulations and the Assistance for United States Citizens Returned from Foreign Countries regulations to eliminate unnecessary or obsolete regulations.","document_number":"2026-12189","html_url":"https://www.federalregister.gov/documents/2026/06/17/2026-12189/reducing-bureaucracy-and-burden-for-human-services-and-emergency-response-programs-repatriation","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-17/pdf/2026-12189.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-12189.pdf?1781613915","publication_date":"2026-06-17","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Administration for Children and Families","name":"Children and Families Administration","id":49,"url":"https://www.federalregister.gov/agencies/children-and-families-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/49","parent_id":221,"slug":"children-and-families-administration"}],"excerpts":"are repealed. \n § 211.14 Disclosure of Information \n This <span class=\"match\">part</span> details the protections against the disclosure of information regarding individuals receiving care. This Section is repealed as this information is covered by other Federal laws and regulations including, but not limited to, the <span class=\"match\">Privacy</span> Act of 1974 (5 U.S.C. 552a) and the Health Insurance Portability and Accountability Act of 1996 (<span class=\"match\">HIPAA</span>) <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> (45 CFR <span class=\"match\">part</span> 160 and <span class=\"match\">subparts</span> A and E of <span class=\"match\">part</span> 164). The <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> prohibits the disclosure of protected health information without"},{"title":"Agency Information Collection Request; 30-Day Public Comment Request","type":"Notice","abstract":"In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. OMB will accept further comments from the public during the review and approval period.","document_number":"2026-00499","html_url":"https://www.federalregister.gov/documents/2026/01/13/2026-00499/agency-information-collection-request-30-day-public-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-01-13/pdf/2026-00499.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-00499.pdf?1768225520","publication_date":"2026-01-13","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"1320d-5, to a violation of <span class=\"match\">Part</span> 2 in the same manner as it applies to a violation of <span class=\"match\">part</span> C of title XI of the Act, Administrative Simplification. The Administrative Simplification provisions were added to the Act by the Health Insurance Portability and Accountability Act of 1996 (<span class=\"match\">HIPAA</span>). OCR currently exercises its enforcement authority under section 1176 of the Act to enforce the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span>, Security, and Breach Notification <span class=\"match\">Rules</span> (collectively, “<span class=\"match\">HIPAA</span> <span class=\"match\">Rules</span>”) in accordance with 45 CFR <span class=\"match\">part</span> 160 (“Enforcement <span class=\"match\">Rule</span>”). To implement 42 U.S.C. 290dd-2"},{"title":"Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions To Unleash Prosperity","type":"Proposed Rule","abstract":"This proposed rule focuses on deregulatory actions identified in HHS regulations regarding Health information technology standards, implementation specifications, and certification criteria and certification programs for health information technology, and information blocking. This proposed rule seeks to reduce burden, offer flexibility to both developers and providers, and support innovation through the removal and revisions of certain certification criteria and regulatory provisions. This proposed rule also seeks to address reported misuse and abuse of information blocking definitions and exceptions.","document_number":"2025-23896","html_url":"https://www.federalregister.gov/documents/2025/12/29/2025-23896/health-data-technology-and-interoperability-astponc-deregulatory-actions-to-unleash-prosperity","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-12-29/pdf/2025-23896.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-23896.pdf?1766438109","publication_date":"2025-12-29","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Electronic Prior Authorization” final <span class=\"match\">rule</span> (90 FR 37130) (HTI-4 Final <span class=\"match\">Rule</span>), as a <span class=\"match\">part</span> of the FY2026 IPPS/LTCH PPS Final <span class=\"match\">Rule</span>, published by CMS on August 4, 2025 (90 FR 36536). The HTI-4 Final <span class=\"match\">Rule</span> finalized a limited subset of the proposals in the HTI-2 Proposed <span class=\"match\">Rule</span> (89 FR 63498) and focused on improving care delivery and reducing administrative burden through the exchange of clinical and administrative information. The HTI-4 Final <span class=\"match\">Rule</span> updated the ONC Health IT Certification Program to add several new certification criteria that advance health"},{"title":"Health Data, Technology, and Interoperability: Protecting Care Access","type":"Rule","abstract":"This final rule has finalized certain proposals from the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability Proposed Rule (HTI-2 Proposed Rule) and in doing so supports the access, exchange, and use of electronic health information. Specifically, this final rule amends the information blocking regulations to revise two existing information blocking exceptions and establish an additional reasonable and necessary activity that does not constitute information blocking referred to as the Protecting Care Access Exception.","document_number":"2024-29683","html_url":"https://www.federalregister.gov/documents/2024/12/17/2024-29683/health-data-technology-and-interoperability-protecting-care-access","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-12-17/pdf/2024-29683.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-29683.pdf?1734356733","publication_date":"2024-12-17","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"63622 and 63803) and finalized in this final <span class=\"match\">rule</span>. \n We reiterate here for emphasis the reminder we included in the HTI-2 Proposed <span class=\"match\">Rule</span> (89 FR 63622) that <span class=\"match\">HIPAA</span> covered entities and business associates must comply with the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>, including <span class=\"match\">privacy</span> protections in the “<span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> to Support Reproductive Health Care <span class=\"match\">Privacy</span>” final <span class=\"match\">rule</span> (89 FR 32976, April 26, 2024) (2024 <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span>) and any other applicable Federal laws that govern the use of EHI. For example, an actor's practice likely to interfere with an individual's access"},{"title":"Medicare and Medicaid Programs; CY 2026 Payment Policies Under the Physician Fee Schedule and Other Changes to Part B Payment and Coverage Policies; Medicare Shared Savings Program Requirements; and Medicare Prescription Drug Inflation Rebate Program","type":"Rule","abstract":"This major final rule addresses: changes to the physician fee schedule (PFS); other changes to Medicare Part B payment policies to ensure that payment systems are updated to reflect changes in medical practice, relative value of services, and changes in the statute; codification of establishment of new policies for: the Medicare Prescription Drug Inflation Rebate Program under the Inflation Reduction Act of 2022; the Ambulatory Specialty Model; updates to the Medicare Diabetes Prevention Program expanded model; updates to drugs and biological products paid under Part B; Medicare Shared Savings Program requirements; updates to the Quality Payment Program; updates to policies for Rural Health Clinics and Federally Qualified Health Centers; update to the Ambulance Fee Schedule regulations; codification of the Inflation Reduction Act and Consolidated Appropriations Act, 2023 provisions; updates to the Medicare Promoting Interoperability Program.","document_number":"2025-19787","html_url":"https://www.federalregister.gov/documents/2025/11/05/2025-19787/medicare-and-medicaid-programs-cy-2026-payment-policies-under-the-physician-fee-schedule-and-other","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-11-05/pdf/2025-19787.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19787.pdf?1761945018","publication_date":"2025-11-05","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":" 115-271, October 24, 2018), related to Medicare <span class=\"match\">Part</span> B payment. In addition, this final <span class=\"match\">rule</span> includes provisions regarding other Medicare payment provisions described in sections III. and IV. of this final <span class=\"match\">rule</span>. \n This final <span class=\"match\">rule</span> updates policies for the Medicare Prescription Drug Inflation Rebate Program codified or finalized at parts 427 and 428 consistent with sections 1847A(i) and 1860D-14B of the Social Security Act (the Act). For the Medicare <span class=\"match\">Part</span> B Drug Inflation Rebate Program, this <span class=\"match\">rule</span> describes the identification of payment amount benchmark"},{"title":"Medicare and Medicaid Programs; CY 2026 Payment Policies Under the Physician Fee Schedule and Other Changes to Part B Payment and Coverage Policies; Medicare Shared Savings Program Requirements; and Medicare Prescription Drug Inflation Rebate Program","type":"Proposed Rule","abstract":"This major proposed rule addresses: changes to the physician fee schedule (PFS); other changes to Medicare Part B payment policies to ensure that payment systems are updated to reflect changes in medical practice, relative value of services, and changes in the statute; codification of establishment of new policies for: the Medicare Prescription Drug Inflation Rebate Program under the Inflation Reduction Act of 2022; the Ambulatory Specialty Model; updates to the Medicare Diabetes Prevention Program expanded model; updates to drugs and biological products paid under Part B; Medicare Shared Savings Program requirements; updates to the Quality Payment Program; updates to policies for Rural Health Clinics and Federally Qualified Health Centers update to the Ambulance Fee Schedule regulations; codification of the Inflation Reduction Act and Consolidated Appropriations Act, 2023 provisions; updates to the Medicare Promoting Interoperability Program.","document_number":"2025-13271","html_url":"https://www.federalregister.gov/documents/2025/07/16/2025-13271/medicare-and-medicaid-programs-cy-2026-payment-policies-under-the-physician-fee-schedule-and-other","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-16/pdf/2025-13271.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-13271.pdf?1752524111","publication_date":"2025-07-16","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"payment amount benchmark quarter in certain instances and the calculation for the <span class=\"match\">Part</span> B rebate amount in such instances. With respect to the Medicare <span class=\"match\">Part</span> D Drug Inflation Rebate Program, this rulemaking proposes to clarify the calculation of a <span class=\"match\">Part</span> D rebate amount, and proposes a methodology for removal of units for a <span class=\"match\">Part</span> D rebatable drug for which a manufacturer provides a discount under the 340B Program, as well as the establishment of a 340B data repository for <span class=\"match\">Part</span> D claims. \n This rulemaking proposes to modify policies for the Shared Savings"},{"title":"Agency Information Collection Request; 60-Day Public Comment Request","type":"Notice","abstract":"In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, is publishing the following summary of a proposed collection for public comment.","document_number":"2025-17557","html_url":"https://www.federalregister.gov/documents/2025/09/11/2025-17557/agency-information-collection-request-60-day-public-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-09-11/pdf/2025-17557.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-17557.pdf?1757508321","publication_date":"2025-09-11","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"violation of <span class=\"match\">Part</span> 2 in the same manner as it applies to a violation of <span class=\"match\">part</span> C of title XI of the Act, Administrative Simplification. The Administrative Simplification provisions were added to the Act by the Health Insurance Portability and Accountability Act of 1996 (<span class=\"match\">HIPAA</span>). OCR currently applies its <span class=\"match\">HIPAA</span> enforcement authority under section 1176 of the Act in accordance with 45 CFR <span class=\"match\">part</span> 160. To implement 42 U.S.C. 290dd-2, the Department published a final <span class=\"match\">rule</span> modifying <span class=\"match\">Part</span> 2, 89 FR 12472 (February 16, 2024) (“2024 <span class=\"match\">Part</span> 2 Final <span class=\"match\">Rule</span>”), that included"},{"title":"Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability","type":"Proposed Rule","abstract":"This proposed rule seeks to advance interoperability, improve transparency, and support the access, exchange, and use of electronic health information through proposals for: standards adoption; adoption of certification criteria to advance public health data exchange; expanded uses of certified application programming interfaces, such as for electronic prior authorization, patient access, care management, and care coordination; and information sharing under the information blocking regulations. It proposes to establish a new baseline version of the United States Core Data for Interoperability. The proposed rule would update the ONC Health IT Certification Program to enhance interoperability and optimize certification processes to reduce burden and costs. The proposed rule would also implement certain provisions related to the Trusted Exchange Framework and Common Agreement (TEFCA), which would support the reliability, privacy, security, and trust within TEFCA.","document_number":"2024-14975","html_url":"https://www.federalregister.gov/documents/2024/08/05/2024-14975/health-data-technology-and-interoperability-patient-engagement-information-sharing-and-public-health","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-08-05/pdf/2024-14975.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-14975.pdf?1721825115","publication_date":"2024-08-05","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"sought or received reproductive health care.\n 15 \n \n \n \n \n 15 \n  The definition of “person” for purposes of 45 CFR <span class=\"match\">part</span> 171 is codified in § 171.102 and is, by cross-reference to 45 CFR 160.103, the same definition used for purposes of the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> <span class=\"match\">Rule</span> (45 CFR <span class=\"match\">part</span> 160 and <span class=\"match\">subpart</span> E of 45 CFR <span class=\"match\">part</span> 164). The § 160.103 definition of “person” clarifies the meaning of “natural person” within it. We use “natural person” in this proposed <span class=\"match\">rule</span> with that same meaning.\n \n \n In section IV.B.3.d, we propose a care access condition (§ 171.206(c)) that can be"},{"title":"Medicare Program; Implementation of Prior Authorization for Select Services for the Wasteful and Inappropriate Services Reduction (WISeR) Model","type":"Notice","abstract":"This notice announces a 6-year model focused on reducing fraud, waste (including low-value care), and abuse in Medicare fee-for- service (FFS) via the implementation of technology-enabled prior authorization processes for select services.","document_number":"2025-12195","html_url":"https://www.federalregister.gov/documents/2025/07/01/2025-12195/medicare-program-implementation-of-prior-authorization-for-select-services-for-the-wasteful-and","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-01/pdf/2025-12195.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12195.pdf?1751055328","publication_date":"2025-07-01","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"assessment. \n \n Given the model participants in WISeR will be third-party entities, CMS <span class=\"match\">privacy</span> and security policies will govern data sharing under the model. \n \n Model participants will be required to comply with all applicable data <span class=\"match\">privacy</span> and security laws, including relevant provisions of the Health Insurance Portability and Accountability Act of 1996 (<span class=\"match\">HIPAA</span>) <span class=\"match\">Privacy</span>, Security, and Breach Notification <span class=\"match\">Rules</span> (45 CFR parts 160 and 164, <span class=\"match\">subparts</span> A through E) (<span class=\"match\">HIPAA</span> <span class=\"match\">Rules</span>). By performing prior authorization functions on behalf of the Medicare FFS health"},{"title":"Medicare Program; Contract Year 2027 and Certain Contract Year 2026 Policy and Technical Changes to the Medicare Advantage Program, Medicare Prescription Drug Benefit Program, and Medicare Cost Plan Program","type":"Rule","abstract":"This final rule revises the Medicare Advantage (Part C), Medicare Prescription Drug Benefit (Part D), and Medicare cost plan regulations to implement changes related to Star Ratings, marketing and communications, drug coverage, enrollment processes, special needs plans, and other programmatic areas.","document_number":"2026-06600","html_url":"https://www.federalregister.gov/documents/2026/04/06/2026-06600/medicare-program-contract-year-2027-and-certain-contract-year-2026-policy-and-technical-changes-to","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-06/pdf/2026-06600.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-06600.pdf?1775160908","publication_date":"2026-04-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"INFORMATION: \n I. Executive Summary \n A. Purpose \n The primary purpose of this <span class=\"match\">rule</span> is to amend the regulations for the Medicare Advantage (<span class=\"match\">Part</span> C) program, Medicare Prescription Drug Benefit (<span class=\"match\">Part</span> D) program, and Medicare cost plan program. This <span class=\"match\">rule</span> includes a number of changes that would improve these programs for contract year 2027 as well as codify existing subregulatory guidance. \n We note that, as with previous <span class=\"match\">rules</span>, the new marketing and communications policies in this <span class=\"match\">rule</span> are applicable for all contract year 2027 marketing and communications"},{"title":"Expanding Access to State Prescription Drug Monitoring Programs","type":"Proposed Rule","abstract":"The Department of Veterans Affairs (VA) proposes to amend its regulation that governs disclosure of information to and querying of State prescription drug monitoring programs (PDMPs). The rule would clarify certain statutory definitions, including the definition of delegate and licensed health care provider. In doing so, VA would eliminate confusion as to who VA would allow to query the PDMP and would better protect these individuals from any possible adverse action by a State, as long as they are acting within the scope of their VA employment or, if applicable, scope of their contract. The rule would also mandate that VA disclose the specified information to State PDMPs to the extent necessary to prevent misuse and diversion of prescription medicines. This proposed rule would promote safe and effective prescribing of controlled substances to covered individuals and patients who receive VA health care.","document_number":"2026-10084","html_url":"https://www.federalregister.gov/documents/2026/05/20/2026-10084/expanding-access-to-state-prescription-drug-monitoring-programs","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-20/pdf/2026-10084.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-10084.pdf?1779194712","publication_date":"2026-05-20","agencies":[{"raw_name":"DEPARTMENT OF VETERANS AFFAIRS","name":"Veterans Affairs Department","id":520,"url":"https://www.federalregister.gov/agencies/veterans-affairs-department","json_url":"https://www.federalregister.gov/api/v1/agencies/520","parent_id":null,"slug":"veterans-affairs-department"}],"excerpts":"regulations require confidentiality and security of any such records. The <span class=\"match\">Privacy</span> Act (PA) (5 U.S.C. 552a), 38 U.S.C. 5701, and the Health Insurance Portability and Accountability Act (<span class=\"match\">HIPAA</span>) <span class=\"match\">Privacy</span> and Security <span class=\"match\">Rules</span> (45 CFR <span class=\"match\">part</span> 160 and <span class=\"match\">subparts</span> A, C, and E of <span class=\"match\">Part</span> 164), are applicable. Additionally, 38 U.S.C. 5705 and 7332 would protect information that falls within their purview. VA will continue to abide by these Federal laws and regulations to continue to protect the <span class=\"match\">privacy</span> of veterans' medical information. VA will only share such information"}]}