HIPAA Essentials
Incidental Use and Disclosure
Secondary use or disclosure of PHI that cannot reasonably be prevented, is limited in nature, and that occurs as a by-product of an otherwise permitted use or disclosure.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act.
Risk Analysis
Part of the Security Rule obligations, which involves assessing the potential risks and vulnerabilities to the confidentiality, availability, and integrity of e-PHI held by the covered entity.
Workforce Security
Ensuring that each member of the covered entity’s workforce has appropriate access to e-PHI and that the access is in accordance with the applicable provisions of the Security Rule.
HIPAA Privacy Rule
A set of standards that address the use and disclosure of individuals' PHI by covered entities.
HIPAA Enforcement Rule
The rule provides standards for the enforcement of all the Administrative Simplification Rules.
PHI
Protected Health Information.
HIPAA for Psychotherapy Notes
HIPAA provides special protections for psychotherapy notes, which are given more privacy than other types of PHI.
OCR
Office for Civil Rights. This is the HHS office responsible for enforcing HIPAA's Privacy and Security Rules.
Permitted Disclosures
Situations where PHI can be disclosed without the individual’s authorization, such as for treatment, payment, or healthcare operations.
Audit Controls
Technical tools and mechanisms which record and examine activity in information systems that contain or use e-PHI.
HITECH Breach Notification Rule
This rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI.
Administrative Safeguards
Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect e-PHI and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.
HIPAA Security Rule
A set of standards that set forth administrative, technical, and physical security procedures for covered entities to safeguard electronic PHI (e-PHI).
Covered Entity
A health plan, healthcare clearinghouse, or healthcare provider who transmits any health information in electronic form.
Minimum Necessary Standard
A principle that dictates that only the minimum necessary PHI is to be used or disclosed for a particular task.
Notice of Privacy Practices (NPP)
A document that explains how a covered entity uses and discloses PHI and the individual's rights under HIPAA.
Authorization
A detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or healthcare operations.
Security Management Process
The process to reduce risks to e-PHI to reasonable and appropriate levels to comply with the general rules of the HIPAA Security Rule.
Business Associate
A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or services for, a covered entity.
Physical Safeguards
Physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion.
Breach
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the PHI.
Technical Safeguards
The technology and the policy and procedures for its use that protect e-PHI and control access to it.
Data Encryption
Conversion of electronic data into another form, or code, that only people authorized to access it can read and process.
HITECH Act
Health Information Technology for Economic and Clinical Health Act; it promotes the adoption and meaningful use of health information technology.
Individual Rights Under HIPAA
Rights given to individuals including the right to access their PHI, request amendments, and obtain an accounting of disclosures.
HIPAA Transaction and Code Sets Rule
The rule that adopts standards for certain transactions and the data elements for those transactions and establishes that all covered entities must use these standards when conducting these transactions electronically.
De-identified PHI
PHI that has had identifying information removed, making it no longer subject to HIPAA regulations.
TPO
Treatment, Payment, and Healthcare Operations. These are the main purposes for which the disclosure of PHI is considered permissible under HIPAA.
HIPAA Omnibus Rule
A rule that implements modifications to the HIPAA Privacy, Security, and Enforcement Rules, and incorporates the changes made by the HITECH Act.
© Hypatia.Tech. 2024 All rights reserved.