HIPAA Glossary

Business Associate

A person or company that performs a service on behalf of a Covered Entity in which PHI is employed. Chain of Trust Agreement

Data Use Agreement

An agreement between Covered Entities and business partners that specifically governs how PHI can be used and what safeguards will be employed

Electronic Medical Record

A computer-based record containing PHI

HIPAA Entity (Covered Entity)

Refers to those entities (Health Care Providers & Health Plan Providers & Health Care Clearinghouses) that are specifically governed by HIPAA's provisions

Minimum Necessary Rule

Part of privacy rule that states how much PHI should be disclosed by Covered Entities

PHI

Protected Health Information as defined by HIPAA - this data can be written, electronic or even verbal

Privacy Officer

Covered entities are required to have a designated Privacy Officer whose responsibilities include the development and implementation of policies defined in the HIPAA Privacy Rule

Privacy Rule

The provision within HIPAA that specifies the access patients have to their own records while defining what level of access everyone else has

Security Rule

The section of HIPAA that defines the specific safeguards and security procedures that Covered Entities must adopt when dealing with electronically-stored and transmitted PHI

TPO

Treatment, Payment or Health Care Operations – covered entities are required to disclose access to PHI except when that information has been used for TPO