Law & Ethics for the Health Professions Chapter 8

privacy

Freedom from unauthorized intrusion.

Health Insurance Portability & Accountability Act (HIPAA)

A federal law passed in 1996 to protect privacy and other health care rights for patients. The act helps workers keep continuous health insurance coverage for themselves and their dependents when they change jobs, and protects confidential medical informat

covered entities

Health care providers and clearinghouses that transmit HIPAA transactions electronically, and must comply with HIPAA standards and rules.

covered transactions

Electronic exchanges of information between two covered-entity business partners using HIPAA-mandated transaction standards.

designated record set

Records maintained by or for a HIPAA-covered entity.

Notice of Privacy Practices (NPP)

A written document detailing a health care provider's privacy practices.

protected health information (PHI)

Information that contains one or more patient identifiers.

de-identify

To remove from health care transactions all information that identifies patients.

state preemption

If a state's privacy laws are stricter than HIPAA privacy standards, the state laws take precedence.

treatment, payment & health care operations (TPO)

A HIPAA term for qualified providers, disclosure of PHI to obtain reimbursement, and activities and transactions among entities. Treatment means that a health care provider can provide care; payment means that a provider can disclose PHI to be reimbursed; hea

standard

A general requirement under HIPAA.

rule

A document that includes the HIPAA standards or requirements.

transaction

Transmission of information between two parties for financial or administrative activities.

code set

Under HIPAA, terms that provide for uniformity and simplification of health care billing and record keeping.

electronic transmission

The sending of information from one network-connected computer to another.

electronic data interchange (EDI)

The use of uniform electronic network protocols to transfer business information between organizations via computer networks.

permission

A reason under HIPAA for disclosing patient information.

limited data set

Protected health information from which certain patient identifiers have been removed.

security

Policies and procedures that protect PHI from unauthorized access.

firewalls

Hardware, software, or both designed to prevent unauthorized persons from accessing electronic information.

encryption

The scrambling or encoding of information before sending it electronically.

verification

The requirement under HIPAA to verify any request as legitimate before protected health information is released.

minimum necessary

Term referring to the limited amount of patient information that may be disclosed, depending on circumstances.

Privacy vs Security

HIPAA privacy rules state that all PHI must be protected, whether written, spoken or in electronic form. HIPAA security rules relate to electronic transactions and storage involving PHI.