HIPAA

Business Associate

An individual or organization that provided business services to a CE and agrees to protect their patient health information

Protected Health Information PHI

Any piece of information that identifies or could be used to identify a specific individual

Covered Entity

Any provider, health plan, or clearinghouse to which the Privacy Rule applies.

Portability

Being able to transfer group health insurance form one job to another

Department of Justice

Government agency that investigates the most serious violations of the Privacy Rule

...

Guideline under HIPAA that sets national standards for the protection of health information

Privacy Rule

Guideline under HIPAA that sets national standards for the protection of health information

US Treasury

Monies collected under penalties imposed under the Privacy Rule are deposited by the ________, not disbursed to the complainant.

Zero Tolerance

Polices which are being adapted in healthcare organization in regard to workforce members who violate the organization privacy policies.

Authorization

Statement needed to release PHI for reasons other than treatment, payment of healthcare operation

Under HIPAA

The individual has the right to inspect a copy of his or her health record

Retaliation

The privacy rule prohibits acts of revenge know as _________, against any person filing a complaint about a privacy violation.

Reasonable

Under the Privacy Rule, workforce members are expected to take _____ steps to safe guard protected health information.

Impermissable

Unnecessary use or diclosure of health information that could have been reasonably prevented

Validated

When protected health information PHI is being used or disclosed for reasons other than treatment, payment, or healthcare operations, the authorization for the release of the PHI must be....

"Minimum necessary"

a concept of the Privacy Rule under which CEs are required to implement reasonable policies and procedures for workforce member to limit their use and disclosure of PHI to the minimum necessary to accomplish the intended purpose.

privacy official

a person responsible for all activities related to the development, implementation, and modification of activities involving the privacy of and access to PHI as required by federal, state, local, and organizational regulations and policies. The privacy official assists staff when requests are made for information and receives complaints.

Healthplan

an individual or group plan that provided or pays the cost of medical care

Qualified protected order

an order of the court that prohibits parties from using protected health information for any purpose other than litigation or proceeding for which the PHI has been requested.

Privacy Rule

applies to all healthcare providers, healthcare clearinghouses and healthcare plans

Workforce memebers

employees volunteers students and trainess of an healthcare organization

Office of civil rights

government agent that accepts and investigates complaints related to the Privacy Rule

Authorization

is required before PHI can be used for any purpose other than TPO. The authorization form has required statements and core elements: A description of the information to be used or disclosed The names of the persons making the request A description of the purpose of the request An expiration date for the authorization The signature of the individual and the date

Consent

required under some states' laws but not by HIPAA, authorizes the CE to disclose the individual's PHI to carry out TPO. You should check with your privacy official to determine whether the state you are working in requires consent

USE

the act of accessing any health information by a workforce member for the purpose of performing a task within a healthcare organization

Disclosure

the release, transfer, or sharing of health information with another individual or entity outside the healthcare organization holding this information