Organizations that must comply with HIPAA are called “covered entities”.   The Privacy Rule protects most individually identifiable health information held or transmitted by a