A covered entity must not enter into a trading partner agreement that would do any of the following:
(a) Change the definition, data condition, or use of a data element or segment in a standard or operating rule, except where necessary to implement State or Federal law, or to protect against fraud and abuse.
(b) Add any data elements or segments to the maximum defined data set.
(c) Use any code or data elements that are either marked "not used" in the standard's implementation specification or are not in the standard's implementation specification(s).
(d) Change the meaning or intent of the standard's implementation specification(s).
[65 FR 50367, Aug. 17, 2000, as amended at 76 FR 40495, July 8, 2011]
We'll send you the best from Krebs on Security, Bleeping Computer, and more in a brief monthly digest.