HIPAA Glossary

Business Associate
A person or company that performs a service on behalf of a Covered Entity that requires contact with protected health information.
Data Use Agreement
An agreement between Covered Entities and outside institutions and parties that specifically governs how a Limited Data Set can be used
Deidentified Protected Health Information
Protected Health Information that has had all 18 HIPAA identifiers removed to prevent identification of an individual, using either the expert determination or safe harbor method
Electronic Medical Record
A computer-based medical record
HIPAA Entity (Covered Entity)
Refers to those entities (healthcare providers, health plan providers and health care clearinghouses) that conduct healthcare transactions electronically and are therefore required to comply with HIPAA’s provisions
Limited Data Set
A set of health information that has had direct identifiers removed to prevent a person from being identified by the data; its use requires the signing of a Data Use Agreement
Minimum Necessary Rule
Part of the Privacy Rule that states how much PHI may be disclosed by Covered Entities and Business Associates – the minimum necessary to achieve the purpose for which the information is disclosed
PHI
Protected Health Information as defined by HIPAA. Written, electronic or even verbal health information that contains one or more of the 18 HIPAA identifiers. PHI refers to information relating to the provision of healthcare, payment for healthcare, or used for healthcare operations.
Privacy Officer
Covered entities are required to have a designated Privacy Officer whose responsibilities include the development and implementation of policies defined in the HIPAA Privacy Rule
Privacy Rule
A set of national standards to protect individuals’ medical records and other personal health information, including allowable uses and disclosures of PHI and patient rights
Security Rule
The section of HIPAA that defines the specific safeguards and security procedures that Covered Entities must adopt when dealing with electronically stored and transmitted PHI
Treatment, Payment or Healthcare Operations
The permitted uses and disclosures of protected health information that do not require prior authorization from a patient