HIPAA Essentials
Covered Entity
A health plan, healthcare clearinghouse, or healthcare provider who transmits any health information in electronic form.
Business Associate
A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or services for, a covered entity.
HIPAA Enforcement Rule
The rule provides standards for the enforcement of all the Administrative Simplification Rules.
Individual Rights Under HIPAA
Rights given to individuals including the right to access their PHI, request amendments, and obtain an accounting of disclosures.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act.
Minimum Necessary Standard
A principle that dictates that only the minimum necessary PHI is to be used or disclosed for a particular task.
HIPAA Privacy Rule
A set of standards that address the use and disclosure of individuals' PHI by covered entities.
HITECH Act
Health Information Technology for Economic and Clinical Health Act; it promotes the adoption and meaningful use of health information technology.
De-identified PHI
PHI that has had identifying information removed, making it no longer subject to HIPAA regulations.
Data Encryption
Conversion of electronic data into another form, or code, that only people authorized to access it can read and process.
Audit Controls
Technical tools and mechanisms which record and examine activity in information systems that contain or use e-PHI.
TPO
Treatment, Payment, and Healthcare Operations. These are the main purposes for which the disclosure of PHI is considered permissible under HIPAA.
Administrative Safeguards
Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect e-PHI and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.
Technical Safeguards
The technology and the policy and procedures for its use that protect e-PHI and control access to it.
Workforce Security
Ensuring that each member of the covered entity’s workforce has appropriate access to e-PHI and that the access is in accordance with the applicable provisions of the Security Rule.
Authorization
A detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or healthcare operations.
PHI
Protected Health Information.
HIPAA Security Rule
A set of standards that set forth administrative, technical, and physical security procedures for covered entities to safeguard electronic PHI (e-PHI).
Permitted Disclosures
Situations where PHI can be disclosed without the individual’s authorization, such as for treatment, payment, or healthcare operations.
Physical Safeguards
Physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.
HITECH Breach Notification Rule
This rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI.
HIPAA Omnibus Rule
A rule that implements modifications to the HIPAA Privacy, Security, and Enforcement Rules, and incorporates the changes made by the HITECH Act.
Breach
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the PHI.
Risk Analysis
Part of the Security Rule obligations, which involves assessing the potential risks and vulnerabilities to the confidentiality, availability, and integrity of e-PHI held by the covered entity.
HIPAA Transaction and Code Sets Rule
The rule that adopts standards for certain transactions and the data elements for those transactions and establishes that all covered entities must use these standards when conducting these transactions electronically.
Security Management Process
The process to reduce risks to e-PHI to reasonable and appropriate levels to comply with the general rules of the HIPAA Security Rule.
Notice of Privacy Practices (NPP)
A document that explains how a covered entity uses and discloses PHI and the individual's rights under HIPAA.
Incidental Use and Disclosure
Secondary use or disclosure of PHI that cannot reasonably be prevented, is limited in nature, and that occurs as a by-product of an otherwise permitted use or disclosure.
HIPAA for Psychotherapy Notes
HIPAA provides special protections for psychotherapy notes, which are given more privacy than other types of PHI.
OCR
Office for Civil Rights. This is the HHS office responsible for enforcing HIPAA's Privacy and Security Rules.
© Hypatia.Tech. 2024 All rights reserved.