- Business Associate
- A person or company that performs a service on behalf of a Covered Entity that requires contact with protected health information.
- Data Use Agreement
- An agreement between Covered Entities and outside institutions and parties that specifically governs how a Limited Data Set can be used
- Deidentified Protected Health Information
- Protected Health Information that has had all 18 HIPAA identifiers removed to prevent identification of an individual, using either the expert determination or safe harbor method
- Electronic Medical Record
- A computer-based medical record
- HIPAA Entity (Covered Entity)
- Refers to those entities (Healthcare providers, Health Plan Providers & Health Care Clearinghouses) that conduct healthcare transactions electronically and are required to comply with HIPAA’s provisions
- Limited Data Set
- A set of health information that has had direct identifiers removed to prevent a person from being identified by the data, the use of which requires the signing of a Data Use Agreement
- Minimum Necessary Rule
- Part of the Privacy Rule that states how much PHI should be disclosed by Covered Entities and Business Associates – the minimum necessary to achieve the purpose for which the information is disclosed
- PHI
- Protected Health Information as defined by HIPAA. Written, electronic or even verbal health information that contains one or more of the 18 HIPAA identifiers. PHI refers to information relating to the provision of healthcare, payment for healthcare, or used for healthcare operations.
- Privacy Officer
- Covered entities are required to have a designated Privacy Officer whose responsibilities include the development and implementation of policies defined in the HIPAA Privacy Rule
- Privacy Rule
- A set of national standards to protect individuals’ medical records and other personal health information, including allowable uses and disclosures of PHI and patient rights
- Security Rule
- The section of HIPAA that defines the specific safeguards and security procedures that Covered Entities must adopt when dealing with electronically stored and transmitted PHI
- TPO
- Treatment, Payment or Healthcare Operations – The permitted uses and disclosures of protected health information that do not require prior authorization from a patient