HIPAA Essentials
30 Flashcards
What does HIPAA stand for?
Health Insurance Portability and Accountability Act.
PHI
Protected Health Information.
Covered Entity
A health plan, healthcare clearinghouse, or healthcare provider who transmits any health information in electronic form.
Minimum Necessary Standard
A principle that dictates that only the minimum necessary PHI is to be used or disclosed for a particular task.
Notice of Privacy Practices (NPP)
A document that explains how a covered entity uses and discloses PHI and the individual's rights under HIPAA.
Business Associate
A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or services for, a covered entity.
HIPAA Privacy Rule
A set of standards that address the use and disclosure of individuals' PHI by covered entities.
HIPAA Security Rule
A set of standards that set forth administrative, technical, and physical security procedures for covered entities to safeguard electronic PHI (e-PHI).
Breach
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the PHI.
HITECH Act
Health Information Technology for Economic and Clinical Health Act; it promotes the adoption and meaningful use of health information technology.
De-identified PHI
PHI that has had identifying information removed, making it no longer subject to HIPAA regulations.
Authorization
A detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or healthcare operations.
HIPAA Enforcement Rule
The rule provides standards for the enforcement of all the Administrative Simplification Rules.
Permitted Disclosures
Situations where PHI can be disclosed without the individual’s authorization, such as for treatment, payment, or healthcare operations.
Incidental Use and Disclosure
Secondary use or disclosure of PHI that cannot reasonably be prevented, is limited in nature, and that occurs as a by-product of an otherwise permitted use or disclosure.
Individual Rights Under HIPAA
Rights given to individuals including the right to access their PHI, request amendments, and obtain an accounting of disclosures.
HIPAA for Psychotherapy Notes
HIPAA provides special protections for psychotherapy notes, which are given more privacy than other types of PHI.
Risk Analysis
Part of the Security Rule obligations, which involves assessing the potential risks and vulnerabilities to the confidentiality, availability, and integrity of e-PHI held by the covered entity.
TPO
Treatment, Payment, and Healthcare Operations. These are the main purposes for which the disclosure of PHI is considered permissible under HIPAA.
OCR
Office for Civil Rights. This is the HHS office responsible for enforcing HIPAA's Privacy and Security Rules.
Data Encryption
Conversion of electronic data into another form, or code, that only people authorized to access it can read and process.
Administrative Safeguards
Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect e-PHI and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.
Physical Safeguards
Physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.
Technical Safeguards
The technology and the policy and procedures for its use that protect e-PHI and control access to it.
HIPAA Transaction and Code Sets Rule
The rule that adopts standards for certain transactions and the data elements for those transactions and establishes that all covered entities must use these standards when conducting these transactions electronically.
HITECH Breach Notification Rule
This rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI.
Workforce Security
Ensuring that each member of the covered entity’s workforce has appropriate access to e-PHI and that the access is in accordance with the applicable provisions of the Security Rule.
Security Management Process
The process to reduce risks to e-PHI to reasonable and appropriate levels to comply with the general rules of the HIPAA Security Rule.
Audit Controls
Technical tools and mechanisms which record and examine activity in information systems that contain or use e-PHI.
HIPAA Omnibus Rule
A rule that implements modifications to the HIPAA Privacy, Security, and Enforcement Rules, and incorporates the changes made by the HITECH Act.
© Hypatia.Tech. 2024 All rights reserved.