§ 403.812 HIPAA privacy, security, administrative data standards, and national identifiers.
(a) HIPAA covered entities. An endorsed sponsor is a HIPAA covered entity and must comply with the standards, implementation specifications, and requirements in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed sponsor the performance of which are necessary or directly related to the operations of the endorsed discount card program are covered functions for purposes of applying to endorsed sponsors the standards, implementation specifications, and requirements in 45 CFR parts 160, 162, and 164.
(b) HIPAA privacy requirements. An endorsed sponsor must comply with the standards, implementation specifications, and requirements in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160 and 164, subparts A and E, in the same manner as a health plan, except to the extent such requirements are temporarily waived by the Secretary.