HIOs and Regional Health Information Networks (RHINs) are being created to facilitate the exchange of information among providers. HIOs and RHINs are typically not statutorily governed by HIPAA, other than perhaps as Business Associates. The HHS guidance, issued in conjunction with The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information, covers HIPPA issues in the following six areas:

1.         Data correction

2.         Openness and transparency

3.         Individual choice

4.         Collection use and disclosure

5.         Data safeguards

6.         Accountability


Link: http://www.hhs.gov/ocr/hipaa/hit/.