cc3976fb7f
- Split competitive-analysis-2026-05.org → TOC + 9 competitor files in ideas/competitors/. Dropped date from filename. All competitor UUIDs generated, TOC keeps original UUID for backlink continuity. - Deleted passepartout-economics.org archive (replaced by 27-node KB). - Inlined 5 'See also' blocks into natural prose (compliance-index, first-mover-window, revenue-table, orders-of-magnitude-time, native-org-knowledge-base). - Linked 7 orphan compliance pages back to compliance index + finished truncated sentences. - Linked all 14 Agora requirement docs from topic-relevant pages (identity→lisp-machine-security, infrastructure→compute-marketplace, social-space→growth-strategy, exchange→agora-contracts, etc.). - Linked ai-industry-impact from investment-thesis, sufficiency-flip, verification-appliance, effects-growth-flywheel (up from 1 to 10+ pages). - Fixed CREATED timestamps to use git commit dates instead of today. - Made all links absolute from root (no port inheritance). - Removed stale agora/docs/ duplicate content.
2.1 KiB
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA (Health Insurance Portability and Accountability Act)
What it is
US federal law enacted 1996. Governs how protected health information (PHI) is stored, transmitted, and accessed. Two relevant rules:
- Privacy Rule: controls use and disclosure of PHI. Patients have rights to access, amend, and request accounting of disclosures. Minimum necessary standard — only the minimum PHI needed for the task may be used.
- Security Rule: administrative, physical, and technical safeguards for electronic PHI (ePHI). Requires access controls, audit controls, integrity controls, person/entity authentication, and transmission security.
Who must comply
Covered entities (health plans, healthcare clearinghouses, healthcare providers who transmit any ePHI) and business associates (any vendor handling PHI on behalf of a covered entity). Business Associate Agreements (BAAs) are mandatory.
Penalties
Tiered civil penalties: $100-$50,000 per violation, up to $1.5M per year per violation category. Criminal penalties for knowing misuse (up to 10 years imprisonment). State AGs can also bring civil actions.
Why it matters for the triad
HIPAA is the largest single compliance market in US healthcare — every hospital, clinic, insurer, and health-tech vendor must comply. The HIPAA gate package ($50K/yr) encodes the Privacy Rule and Security Rule as ACL2-verifiable gate constraints. Every PHI access attempt passes through the gate stack, producing a machine-checkable audit trail that satisfies the Security Rule's audit control requirement automatically. No separate logging infrastructure needed. Over a five-year deployment, the accumulated fact store and proof history create infrastructure lock-in — switching to a competitor means discarding all of it.