Add to collection(s) Add to saved
  1. Business
  2. Finance

DOCUMENT NAME

advertisement 
Human Resources
Health Insurance Portability and Accountability Act
FREQUENTLY USED TERMS
Following are common definitions of terms frequently used throughout the HIPAA Compliance
Policy and Procedure Manual. They are provided to assist you in understanding and making use
of these documents. You may view the entire list of technical definitions provided in the HIPAA
Privacy Regulations at 45 C.F.R. §§160.103 and 164.501 and 164.504. The complete text of the
Rules is set forth in Appendix A.
Authorization
A covered entity may not use or disclose Protected Health Information about a patient for any
reason other than treatment, payment, or health care operations, unless either (1) the patient has
signed an authorization permitting that use or disclosure or (2) the HIPAA Privacy Regulations
otherwise allow the use or disclosure (for instance, the Privacy Regulations allow a covered
entity to disclose Protected Health Information to government authorities for certain public
health purposes even if the patient does not authorize such a disclosure). The HIPAA Privacy
Regulations set forth detailed requirements for the contents of an authorization.
Business Associate
A business associate is any person or organization that is involved, on the covered entity’s
behalf, in any activity that involves the use or disclosure of the Protected Health Information that
a covered entity maintains. The term does not include members of the covered entity’s
workforce. It specifically includes people or organizations that provide legal, actuarial,
accounting, consulting, data aggregation, management, administrative, accreditation, or financial
services to the covered entity, as long as they are not members of the covered entity’s workforce.
Covered entities that participate in an Organized Health Care Arrangement are not considered
business associates of one another when they perform these activities on behalf of the Organized
Health Care Arrangement.
Business Associate Agreement
The Privacy Regulations require covered entities to have agreements with each of their business
associates. Through these agreements, the covered entities contractually obligate the business
associate to abide by the covered entities’ standards for protecting the privacy of the Protected
Health Information they maintain. The agreements must provide covered entities with the power
to terminate their contracts with business associates when the business associates fail to abide by
those standards.
1 OF 4
Contact Officer/Contact Office
The Contact Officer or Contact Office is the person or office that the covered entity designates to
receive complaints and disseminate information related to the entity’s handling of Protected
Health Information. The Contact Person or Contact Office can be the Organization's Privacy
Officer or an entirely different person or office (who then works in conjunction with the Privacy
Officer).
Covered Entity
Covered entities are those individuals and organizations that are subject to the requirements of
the Privacy Regulations. Covered entities include all health plans, all health care clearinghouses,
and those health care providers who transmit health information in electronic form in connection
with a transaction covered by the Privacy Regulations. For these purposes, “transaction” includes
health care claims or equivalent encounter information, health care payment and remittance
advice, coordination of benefits, health care claim status, enrollment and disenrollment in a
health plan, eligibility for a health plan, health plan premium payments, referral certification and
authorization, first report of injury, and health care claims attachments.
Health Care Clearinghouse
A health care clearinghouse is a public or private entity that receives data from a health care
provider, health plan, another clearinghouse, or the business associates of such entities, and
translates that data from the format in which it was received to another format requested by the
entity that will ultimately be receiving the data.
Health Care Operations
Health care operations include a wide array of functions performed by covered entities, including
quality assessment and improvement, peer review, credentialing, arranging for medical review or
legal services, business planning and management, and underwriting and premium ratings.
Health Care Provider
A health care provider is any individual or organization that furnishes, bills, or is paid for
furnishing health care services.
Health Plan
A health plan is an individual or group plan that provides, or pays for, medical care. This
definition includes insurance companies, health maintenance organizations (HMOs), employee
welfare benefit plans, Medicare, Medicaid, along with other private and governmental programs.
2 OF 4
Minimum Necessary Standard
When using or disclosing Protected Health Information, covered entities generally must make a
reasonable effort to only use or disclose the minimum amount of information necessary to
achieve the purpose of the use or disclosure. The minimum necessary standard does not apply to
disclosures for treatment purposes, when required by law, or when the patient has authorized a
disclosure.
Notice of Privacy Practices
Each covered entity is required to adopt a Notice of Privacy Practices that explains the uses and
disclosures that the covered entity may make of Protected Health Information that it maintains
about its patients; the covered entity's legal obligations; and its patients’ rights under the Privacy
Regulations. Generally, this Notice must be provided to patients when they first seek treatment
from the covered entity. The privacy practices described in the Notice are binding on the covered
entity.
Organized Health Care Arrangement
An Organized Health Care Arrangement includes a clinically integrated care setting in which
individuals typically receive health care from more than one health care provider, for instance, a
Hospital and medical staff. It also includes an organized system of health care in which more
than one covered entity participates as long as each covered entity holds itself out to the public as
participating in a joint arrangement and participates in at least one of the following joint
activities: utilization review, quality assessment and improvement activities, or payment
activities. Participants in an Organized Health Care Arrangement can disclose Protected Health
Information to one another without obtaining the authorization of the patient.
Privacy Officer
The Privacy Officer is the person designated by the covered entity to develop, implement, and
oversee the entity’s compliance with the HIPAA Privacy Regulations. The Privacy Officer may
also serve as the entity’s Contact Person if the entity so designates.
Protected Health Information
Protected Health Information includes all individually identifiable health information that is
transmitted or maintained in any form, including in electronic media, with the exclusion of
employment records held by a covered entity in its role as employer and some educational
records.
3 OF 4
Psychotherapy Notes
Psychotherapy Notes are notes recorded in any medium by a mental health professional
documenting or analyzing the contents of conversation during counseling sessions, and that are
separated from the rest of an individual’s medical record. They do not include medication
prescription and monitoring, counseling session start and stop times, modalities and frequencies
of treatment, results of clinical tests, and summaries of diagnosis, functional status, treatment
plan, symptoms, prognosis and progress to date.
Workforce
Workforce means employees, volunteers, trainees, and other persons who perform services for a
covered entity while under the direct control of the covered entity. An individual may be a
member of a covered entity's workforce regardless of whether he or she is paid by the covered
entity. If an independent contractor who otherwise qualifies as a member of the workforce has an
assigned work station on the covered entity's premises and performs a substantial proportion of
his or her work at that location, the covered entity may choose to treat that person either as a
business associate or as a part of the workforce.
AALIB:383710.1\000000-00000
03/09/16 4:57 AM
4 OF 4
Related documents
1 The best definition of an accounting system is: a Journals, ledgers
1 The best definition of an accounting system is: a Journals, ledgers
Assumptions on our ER diagram
Assumptions on our ER diagram
APB Opinion #22 (paragraphs 12 and 13)
APB Opinion #22 (paragraphs 12 and 13)
Systems Analysis and Design Sergey V. Samoilenko
Systems Analysis and Design Sergey V. Samoilenko
identifying and assessing the risks of material misstatement
identifying and assessing the risks of material misstatement
Download
advertisement