A HIO generally is not a HIPAA covered entity and the HIPAA Privacy Rule allows only certain legally separate covered entities to designate themselves as a single affiliated covered entity for purposes of complying with the Privacy Rule. Thus, a HIO generally may not participate as part of an affiliated covered entity. See 45 CFR ยง 164.105(b) for the requirements and conditions regarding affiliated covered entities.