HIPAA at a Glance

Common HIPAA Terms

Cards In This Set

Front Back
HIPAA
Health Insurance Portability and Accountability Act of 1996, with the purpose of protecting the privacy and security of patient data.
PHI
Protected Health Information. It includes names, social security numbers, date, and place of service, and all other individually identifiable information.
EPHI
Electronic Protected Health Information
HHS
Department of Health and Human Services, which regulates the law, specifically the Office of Civil Rights (OCR).
EMR/EHR
Electronic Medical Records, Electronic Health Records
Covered Entity (CE)
Healthcare provider (doctors, clinics, dentists, psychologists, chiropractors, pharmacies), a healthcare clearinghouse (entities that process nonstandard health information they receive from another entity into a standard, i.e., standard electronic format or data content).
Business Associate (BA)
A person or an organization, other than a member of the covered entity, that performs activities or functions on behalf of, or services to, a covered entity that involve the use or disclosure of individually identifiable health information (claims processing, data analysis, billing/accounting, legal, management).
Health Care Clearinghouse
A public or private entity that either: 1) processes or facilitates the processing of information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction; or 2) receives a standard HIPAA transaction from another entity and processes or facilitates the processing of information into nonstandard format or nonstandard data content for the receiving entity.
Risk Analysis
The required implementation for Risk Analysis requires a covered entity to "conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity."
Risk Management Plan
The required implementation specification for Risk Management requires a covered entity to "implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with [(the General Requirements of the Security Rule)]."