Administration Simplification
Business associate
Clearinghouse
Consent
Covered entities
De-identified information
Disclosure
Electronic data interchange (EDI)
Health Plan
Health care operations
HHS or Secretary
Health information
Hybrid entity
Individually identifiable health information
Minimum necessary
Plan Sponsor
Protected health information (PHI)
Small Health Plan
Summary Health Information
Treatment
Unique user identifier
Administration Simplification - The component of HIPAA, which gives Health and Human Services (HHS) the authority to mandate the use of standards for the electronic exchange of health care data; to specify what medical and administrative code sets should be used within those standards; to require the use of national identification systems for health care patients, providers, payers (or plans), and employers (or sponsors); and to specify the types of measures required to protect the security and privacy of personally identifiable health care Information (PHI).
RETURN TO TOP
Business associate - A person who on behalf of a covered entity (or of an organized health care arrangement in which the covered entity participates) performs, or assists in the performance of:
o A function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing; or
o Any other function or activity regulated by this subchapter; or
o A person who provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for such covered entity (or to or for an organized health care arrangement in which the covered entityparticipates) where the provision of the service involves the disclosure of individually identifiable health information from such covered entity (or arrangement), or from another business associate of such covered entity (or arrangement), to the person.
RETURN TO TOP
Clearinghouse - A public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. Billing services, repricing companies, community health management information systems, community health information systems, and ``value-added'' networks and switches are considered to be health care clearinghouses for purposes of this part.
RETURN TO TOP
Consent - Permission granted by the patient or the patient’s guardian to use or disclose protected health information for purposes of treatment, payment or health care operations.
RETURN TO TOP
Covered entities -
o A health plan
o A health care clearinghouse
o A health care provider
RETURN TO TOP
De-identified information - Health information that meets the standard and implementation specifications under 45 C.F.R. §164.514 (a) and (b).
RETURN TO TOP
Disclosure - The release, transfer, provision of access to, or divulging in any other manner of protected health information outside the entity holding the information.
RETURN TO TOP
Electronic data interchange (EDI) - Intercompany, computer-to-computer transmission of business information in a standard format. For EDI purists, ``computer-to- computer'' means direct transmission from the originating application program to the receiving, or processing, application program, and an EDI transmission consists only of business data, not any accompanying verbiage or free-form messages. Purists might also contend that a standard format is one that is approved by a national or international standards organization, as opposed to formats developed by industry groups or companies. (EDI Security, Control, and Audit)
RETURN TO TOP
Health Plan - any individual or group plan that provides, or pays the cost of, medical care -- including items and services paid for as medical care, to employees or their dependents directly or through insurance, reimbursement, or otherwise.
RETURN TO TOP
Health care operations - Any of the following activities (see 45 C.F.R. §164.501) of the covered entity to the extent that the activities are related to covered functions, and:
o Conducting quality assessment and improvement activities;
o Reviewing the competence or qualifications of health care professionals
o Underwriting, premium rating
o Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs;
o Business planning
o Business management and general administrative activities of the entity
RETURN TO TOP
HHS or Secretary - the Department of Health and Human Services or the Secretary of Health and Human Services.
RETURN TO TOP
Health information - Any information, oral or recorded in any medium, that:
o Is created or received by a health care provider, health plan, public health authority, employer, or health care clearinghouse; and
o Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
RETURN TO TOP
Hybrid entity - Means a single legal entity that is a covered entity and whose covered functions are not its primary functions.
RETURN TO TOP
Individually identifiable health information -- Means information that is a subset of health information, including demographic information collected from an individual, and:
o (1)Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
o (2)Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
- (i)That identifies the individual; or
- (ii)With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
RETURN TO TOP
Minimum necessary - When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity generally must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.
RETURN TO TOP
Plan Sponsor - The employer in the case of an employee benefit plan established or maintained by a single employer, the employee organization in the case of a plan established or maintained by an employee organization, or in the case of a plan established or maintained by two or more employers or jointly by one or more employers and one or more employee organizations, the association, committee, joint board of trustees, or other similar group of representatives of the parties who establish or maintain the plans.
RETURN TO TOP
Protected health information (PHI) - Individually identifiable health information that is or has been electronically maintained or electronically transmitted by a covered entity, as well as such information when it takes any other form that is
o (1) Created or received by a health care provider, health plan, employer, or health care clearinghouse; and
o (2) Relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.
o (3) Protected health information excludes individually identifiable health information in:
- Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
- Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
- Employment records held by a covered entity in its role as employer.
RETURN TO TOP
Small Health Plan - health plans having annual receipts of $5 million or less, an additional year (until April 14, 2004) to come into compliance. According to additional HIPAA guidance, health plans can use the following to determine their status: Health plans that do not report receipts to the IRS on identified tax forms. Health plans that do not report receipts to the IRS-for example, ERISA group health plans that are exempt from filing income tax returns-should use proxy measures to determine their annual receipts. Fully insured health plans should use the amount of total premiums which they paid for health insurance benefits during the plan's last full fiscal year. Self-insured plans, both funded and unfunded, should use the total amount paid for health care claims by the employer, plan sponsor, or benefit fund, as applicable to their circumstances, on behalf of the plan during the plan's last full fiscal year. Those plans that provide health benefits through a mix of purchased insurance and self-insurance should combine the proxy measures to determine their total annual receipts.
RETURN TO TOP
Summary Health Information - Information, that may be individually identifiable health information, and:
RETURN TO TOP
Treatment - Means the provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.
RETURN TO TOP
Unique user identifier - A combination name/number assigned and maintained in security procedures for identifying and tracking individual user identify. (§142.308(c) (1)(v) HHS HIPAA Security NRPM)
If you have any questions or complaints, please contact HIPAA Privacy and Compliance Office by phone: 972-687-1863 or email:
.
RETURN TO TOP
Disclaimer: EDH obtains its information from sources it believes to be reliable. However, due to human and mechanical errors as well as other factors, EDH makes no representations or other warranties, express or implied, to the accuracy of the information. This information is provided for discussion purposes only. It does not constitute legal advice and is not intended for use without advice of legal counsel. It is also not a substitute for legal or other professional advice. Users should consult their own legal counsel for advice regarding the application of the law and this document as it applies to the HIPAA regulations.
