Sec. 3009. Miscellaneous Provisions.
(a) RELATION TO HIPAA PRIVACY AND SECURITY LAW.—
(1) IN GENERAL.—With respect to the relation of this title to HIPAA privacy and security law:
(A) This title may not be construed as having any effect on the authorities of the Secretary under HIPAA privacy and security law.
(B) The purposes of this title include ensuring that the health information technology standards and implementation specifications adopted under section 3004 take into account the requirements of HIPAA privacy and security law.
(2) DEFINITION.—For purposes of this section, the term ‘HIPAA privacy and security law’ means—
(A) the provisions of part C of title XI of the Social Security Act, section 264 of the Health Insurance Portability and Accountability Act of 1996, and subtitle D of title IV of the Health Information Technology for Economic and Clinical Health Act; and
(B) regulations under such provisions.
(b) FLEXIBILITY.—In administering the provisions of this title, the Secretary shall have flexibility in applying the definition of health care provider under section 3000(3), including the authority to omit certain entities listed in such definition when applying such definition under this title, where appropriate.’’.
Make sure you are Omnibus Rule Compliant: HIPAA Privacy Checklist.