amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cc3976fb7f792cae1423e37b6067c57efa23f288
hermes-brain/ideas/compliance/hipaa.org
Hermes cc3976fb7f ideas: editorial sweep — atomization, interlinking, restructuring 
- Split competitive-analysis-2026-05.org → TOC + 9 competitor files in
  ideas/competitors/. Dropped date from filename. All competitor UUIDs
  generated, TOC keeps original UUID for backlink continuity.
- Deleted passepartout-economics.org archive (replaced by 27-node KB).
- Inlined 5 'See also' blocks into natural prose (compliance-index,
  first-mover-window, revenue-table, orders-of-magnitude-time,
  native-org-knowledge-base).
- Linked 7 orphan compliance pages back to compliance index + finished
  truncated sentences.
- Linked all 14 Agora requirement docs from topic-relevant pages
  (identity→lisp-machine-security, infrastructure→compute-marketplace,
  social-space→growth-strategy, exchange→agora-contracts, etc.).
- Linked ai-industry-impact from investment-thesis, sufficiency-flip,
  verification-appliance, effects-growth-flywheel (up from 1 to 10+ pages).
- Fixed CREATED timestamps to use git commit dates instead of today.
- Made all links absolute from root (no port inheritance).
- Removed stale agora/docs/ duplicate content.
2026-05-24 16:25:55 +00:00

46 lines
2.1 KiB
Org Mode
Raw Blame History

:PROPERTIES:
:ID: 84fb5f8f-0527-4df0-b6b6-dbf3bcff8a7f
:ID: auto-hipaa
:CREATED: [2026-05-23 Sat]
:END:
#+title: HIPAA (Health Insurance Portability and Accountability Act)
#+filetags: :passepartout:compliance:framework:hipaa:
* HIPAA (Health Insurance Portability and Accountability Act)
** What it is
US federal law enacted 1996. Governs how protected health information (PHI)
is stored, transmitted, and accessed. Two relevant rules:
- **Privacy Rule:** controls use and disclosure of PHI. Patients have rights
to access, amend, and request accounting of disclosures. Minimum necessary
standard — only the minimum PHI needed for the task may be used.
- **Security Rule:** administrative, physical, and technical safeguards for
electronic PHI (ePHI). Requires access controls, audit controls, integrity
controls, person/entity authentication, and transmission security.
** Who must comply
Covered entities (health plans, healthcare clearinghouses, healthcare providers
who transmit any ePHI) and business associates (any vendor handling PHI on behalf
of a covered entity). Business Associate Agreements (BAAs) are mandatory.
** Penalties
Tiered civil penalties: $100-$50,000 per violation, up to $1.5M per year per
violation category. Criminal penalties for knowing misuse (up to 10 years
imprisonment). State AGs can also bring civil actions.
** Why it matters for the triad
HIPAA is the largest single compliance market in US healthcare — every hospital,
clinic, insurer, and health-tech vendor must comply. The [[id:c34940cc-090e-57c4-8020-e78b1d32b96c][HIPAA gate package]]
($50K/yr) encodes the Privacy Rule and Security Rule as ACL2-verifiable gate
constraints. Every PHI access attempt passes through the gate stack, producing
a machine-checkable audit trail that satisfies the Security Rule's audit control
requirement automatically. No separate logging infrastructure needed. Over a
five-year deployment, the accumulated fact store and proof history create
[[id:2f783eb4-638e-5afa-9b59-6224d086a712][infrastructure lock-in]] — switching to a competitor means discarding all of it.
Reference in New Issue View Git Blame Copy Permalink