HIPAA-Basic Key Terms (Introduction)


Updated: Feb 4



HIPAA: Health Insurance Portability and Accountability Act of 1996. Goal: to improve the efficiency and effectiveness of the nation's health care system. Adopted Standards and Operating Rules | CMS.


Covered Entities (CEs): Healthcare providers who conduct certain financial and administrative transactions electronically with PHI (Ex: Healthcare providers who submit claims electronically), Health Plans, and Health Care Clearinghouses.


PHI: Protected Health Information is any data, in any form or medium, that contains at least one HIPAA identifier and is created, received, transmitted, or stored by covered entities, business associates, and their subcontractors. For data to be PHI, its relationship to health information is essential.


Business Associates (BAs) use or disclose Protected Health Information (PHI) while they provide services to, or on behalf of, a HIPAA Covered Entity (CE) and are not members of the HIPAA Covered Entity's workforce.


Subcontractors contract with Business Associates to help them provide services to HIPAA Covered Entities or perform services on behalf of HIPAA Covered Entities.


Business Associate Agreements (BAAs) or Contracts outline how the HIPAA Covered Entity (CE) and the Business Associate (BA) will handle the confidentiality, privacy, security, and integrity of Protected Health Information (PHI) involved.


A Business Associate Agreement (BAA) or Contract is required between a Covered Entity (CE) and a Business Associate (BA), and between a Business Associate and its Subcontractors.


Data in motion: for example, data that is being transferred via email.


Data at rest: for example, stored data.


Breach: "A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information." https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.htm


Unsecured Protected Health Information: "Unsecured protected health information is protected health information that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of a technology or methodology specified by the Secretary in guidance." https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.htm


