Transactions and Code Sets Rule

Privacy Rule

Security Rule

Anyway, all that aside, that’s HIPAA. It fundamentally defines healthcare and shapes the way we relate to one another, sell products, and connect systems. While the Privacy Rule clearly outlines how data sharing practices should happen between actors, the Security Rule heavily incentivizes them to be cagey with their data. Most of the pain felt today with interoperability and integration stems in some way from the roles and responsibilities implicit via HIPAA. In fact, if you look closely, the three zones closely correspond to the three divisions of digital health I outlined in A Song of Health and FHIR: