A federal regulation set forth by the U.S. Department of Health and Human Services which provides data privacy and security protections for protected health information (PHI). The regulation text includes both the Privacy Rule and Security Rule and sets standards for electronic health care transactions and types of identifiers. Covered entities include health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically.