Introduction to HIPAA Compliance
Expert-defined terms from the Professional Certificate in HIPAA Compliance in Health Care course at London School of Business and Administration. Free to read, free to share, paired with a professional course.
Accounting of Disclosures
This term refers to the process of tracking and documenting all disclosures of protected health information made by a covered entity. It is an essential aspect of HIPAA compliance and is used to ensure that patient information is handled and disclosed in accordance with the regulations. The accounting of disclosures must be maintained for a period of six years and must include the date of the disclosure, the name of the entity or person who received the information, and a description of the information that was disclosed.
Administrative Simplification
This term refers to the provisions of the HIPAA law that are designed to simplify the administration of health care and reduce the costs associated with claims processing and other administrative tasks. The administrative simplification provisions include standards for electronic transactions, code sets, and unique identifiers. These standards are designed to improve efficiency and reduce the errors associated with administrative tasks.
Annual Notice of Privacy Practices
This term refers to the requirement that covered entities provide an annual notice to their patients regarding their privacy practices. The notice must include information about the uses and disclosures of protected health information, as well as the rights of the patient to access and amend their information. The notice must also include information about how to file a complaint with the covered entity or the Department of Health and Human Services.
Authorization
This term refers to the process of obtaining permission from a patient to use or disclose their protected health information. The authorization must be in writing and must include specific information, such as the purpose of the use or disclosure, the type of information that will be used or disclosed, and the entity or person who will receive the information. The authorization must also include an expiration date and a statement regarding the patient's right to revoke the authorization.
Breach Notification
This term refers to the requirement that covered entities notify patients and the Department of Health and Human Services in the event of a breach of unsecured protected health information. The notification must include specific information, such as the date of the breach, the type of information that was compromised, and the steps that the covered entity is taking to investigate and mitigate the breach. The notification must be made without unreasonable delay and in no case later than 60 days after the breach was discovered.
Business Associate
This term refers to an entity that performs certain functions or activities on behalf of a covered entity, such as claims processing or data analysis. The business associate must agree to comply with the requirements of HIPAA and must enter into a business associate agreement with the covered entity. The business associate agreement must include specific provisions, such as the obligations of the business associate to protect protected health information and the requirements for reporting breaches of unsecured protected health information.
Certification
This term refers to the process of verifying that a covered entity or business associate has met the requirements of HIPAA. The certification process typically involves a review of the entity's policies and procedures and a verification that the entity is complying with the regulations. The certification may be performed by a third-party auditor or by the Department of Health and Human Services.
Compliance
This term refers to the process of meeting the requirements of HIPAA. Compliance involves implementing policies and procedures to protect protected health information and to ensure that all uses and disclosures of protected health information are authorized and permitted under the regulations. Compliance also involves training employees on the requirements of HIPAA and conducting regular audits to verify that the entity is complying with the regulations.
Complaint
This term refers to a formal allegation that a covered entity or business associate has violated the requirements of HIPAA. The complaint may be filed with the Department of Health and Human Services or directly with the covered entity or business associate. The complaint must include specific information, such as the name and address of the complainant, a description of the alleged violation, and the date of the alleged violation.
Compliance Officer
This term refers to the individual who is responsible for ensuring that a covered entity or business associate is complying with the requirements of HIPAA. The compliance officer is typically responsible for developing and implementing policies and procedures to protect protected health information and to ensure that all uses and disclosures of protected health information are authorized and permitted under the regulations.
Covered Entity
This term refers to a health care provider, health plan, or health care clearinghouse that is subject to the requirements of HIPAA. Covered entities include hospitals, physician offices, insurance companies, and pharmacies. Covered entities are required to comply with the regulations of HIPAA and to protect protected health information.
Data Aggregation
This term refers to the process of combining protected health information from multiple sources to create a new set of information. Data aggregation is often used for research or public health purposes. Data aggregation must be performed in accordance with the regulations of HIPAA and must include safeguards to protect the privacy and security of the information.
De-identification
This term refers to the process of removing identifiable information from protected health information to create a de-identified data set. De-identification is often used for research or public health purposes. De-identification must be performed in accordance with the regulations of HIPAA and must include safeguards to protect the privacy and security of the information.
Disclosure
This term refers to the act of revealing or transferring protected health information to an entity or person outside of the covered entity. Disclosures may be permitted or required under the regulations of HIPAA. Disclosures must be made in accordance with the regulations and must include safeguards to protect the privacy and security of the information.
Dispute Resolution
This term refers to the process of resolving disputes that arise between covered entities and business associates or between covered entities and patients. Dispute resolution may involve negotiation, mediation, or arbitration. Dispute resolution must be performed in accordance with the regulations of HIPAA and must include safeguards to protect the privacy and security of the information.
Electronic Health Record
This term refers to a digital version of a patient's medical record. Electronic health records are often used to improve the quality and efficiency of health care. Electronic health records must be protected in accordance with the regulations of HIPAA and must include safeguards to protect the privacy and security of the information.
Electronic Protected Health Information
This term refers to protected health information that is electronically transmitted or maintained. Electronic protected health information is subject to the regulations of HIPAA and must be protected with safeguards to prevent unauthorized access, use, or disclosure.
Enforcement
This term refers to the process of enforcing the regulations of HIPAA. Enforcement may involve investigations, penalties, and fines for non-compliance. Enforcement is performed by the Department of Health and Human Services and is designed to ensure that covered entities and business associates are complying with the regulations of HIPAA.
Health Information Exchange
This term refers to the electronic sharing of health information between health care providers and organizations. Health information exchange is often used to improve the quality and efficiency of health care. Health information exchange must be performed in accordance with the regulations of HIPAA and must include safeguards to protect the privacy and security of the information.
Health Insurance Portability and Accountability Act
This term refers to the law that regulates the use and disclosure of protected health information. The Health Insurance Portability and Accountability Act is designed to protect the privacy and security of protected health information and to prevent unauthorized access, use, or disclosure of protected health information.
Incident Response
This term refers to the process of responding to a security incident or breach of unsecured protected health information. Incident response must be performed in accordance with the regulations of HIPAA and must include safeguards to protect the privacy and security of the information. Incident response involves identifying the cause of the incident, containing and eradicating the incident, and recovering from the incident.
Individual
This term refers to the person who is the subject of the protected health information. The individual has rights under HIPAA to access and amend their protected health information, as well as to request restrictions on the use and disclosure of their protected health information.
Minimum Necessary
This term refers to the principle that covered entities and business associates should only use or disclose the minimum amount of protected health information that is necessary to accomplish the intended purpose. The minimum necessary principle is designed to limit the use and disclosure of protected health information and to protect the privacy and security of the information.
Notice of Privacy Practices
This term refers to the notice that covered entities must provide to their patients regarding their privacy practices. The notice of privacy practices must include information about the uses and disclosures of protected health information, as well as the rights of the patient to access and amend their protected health information. The notice of privacy practices must also include information about how to file a complaint with the covered entity or the Department of Health and Human Services.
Patient
This term refers to the individual who is the subject of the protected health information. The patient has rights under HIPAA to access and amend their protected health information, as well as to request restrictions on the use and disclosure of their protected health information.
Personal Representative
This term refers to the individual who is authorized to act on behalf of the patient in making decisions about their protected health information. The personal representative may be a family member, a friend, or a legal representative. The personal representative has the same rights as the patient under HIPAA to access and amend the protected health information.
Privacy Officer
This term refers to the individual who is responsible for ensuring that a covered entity or business associate is complying with the regulations of HIPAA related to privacy. The privacy officer is typically responsible for developing and implementing policies and procedures to protect protected health information and to ensure that all uses and disclosures of protected health information are authorized and permitted under the regulations.
Protected Health Information
This term refers to individually identifiable health information that is transmitted or maintained by a covered entity or business associate. Protected health information includes demographic information, medical histories, test results, and billing information. Protected health information is subject to the regulations of HIPAA and must be protected with safeguards to prevent unauthorized access, use, or disclosure.
Risk Analysis
This term refers to the process of identifying and assessing potential risks to the security of electronic protected health information. Risk analysis is a requirement under the HIPAA Security Rule and must be performed regularly to identify and mitigate potential risks to the security of electronic protected health information.
Security Incident
This term refers to an unauthorized access, use, or disclosure of electronic protected health information. Security incidents may be caused by hacking, theft, or other malicious activities. Security incidents must be reported to the Department of Health and Human Services and must be investigated and mitigated in accordance with the regulations of HIPAA.
Security Rule
This term refers to the regulations under HIPAA that are designed to protect the security of electronic protected health information. The Security Rule requires covered entities and business associates to implement safeguards to prevent unauthorized access, use, or disclosure of electronic protected health information. The Security Rule includes provisions related to access control, audit controls, and data backup and storage.
Training
This term refers to the process of educating employees on the requirements of HIPAA and the policies and procedures of the covered entity or business associate. Training is a requirement under HIPAA and must be provided to all employees who have access to protected health information. Training must include information on the importance of protecting protected health information and the consequences of non-compliance with the regulations of HIPAA.
Unsecured Protected Health Information
This term refers to protected health information that is not protected by safeguards to prevent unauthorized access, use, or disclosure. Unsecured protected health information is subject to the breach notification requirements under HIPAA, which require covered entities and business associates to notify patients and the Department of Health and Human Services in the event of a breach of unsecured protected health information.
Use
This term refers to the employment of protected health information by a covered entity or business associate for a purpose that is permitted or required under the regulations of HIPAA. Use may include treatment, payment, or health care operations. Use must be performed in accordance with the regulations of HIPAA and must include safeguards to protect the privacy and security of the information.