Key HIPAA Definitions
Business Associate - A person outside your workforce who performs, or assists in performing, a function or activity that involves the use or disclosure of individually identifiable health information, such as claims processing, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, repricing, legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for such covered entity. A business associate may also be a covered entity if it performs a function mentioned above. A covered entity could be a business associate of another covered entity.
Covered Entity - Health plans, health care clearinghouses, and any health care provider that electronically transmits medical information such as claims or encounters, enrollment or eligibility, or referral authorizations, must meet HIPAA's requirements. Covered entities can include medical practices (including solo practices), many employers, nursing homes, public health authorities, health insurance companies, some information technology vendors, many service organizations, and universities.
Covered Transactions - A transaction is an exchange of information between two business partners. HIPAA defines an exchange as a covered transaction if there is a HIPAA electronic data interchange (computer-to-computer) standard for the exchange.
Deadline - Don't mess with this. HIPAA compliance deadlines are usually two years from the date that the Rule was first published.
EDI - Electronic data interchange is the computer-to-computer exchange of routine business information using publicly available standards. HIPAA EDI standards will permit providers, health plans, clearinghouses, and other entities to exchange business data electronically and process the information on computers with less human interaction.
Final Rule - HHS finalizes a rule after public comment and revisions and then publishes the final rule in the Federal Register. It is expected that even final rules will be modified over time.
Office for Civil Rights (OCR) - The department within HHS that has been given authority to educate, train and monitor compliance of medical privacy to protect patients' rights. (HIPAA Privacy Rule.) Medical privacy is one of OCR's nine major initiatives in 2003. For more information, go to www.hhs.gov/ocr.
Payment - A good thing. HHS intends that it get less bureaucratic once health care achieves administrative simplification. If banking can simplify, so can health care.
Protected Health Information - HIPAA Privacy Standards apply to "protected health information (PHI)," defined as information that is individually identifiable by virtue of its containing one or more patient identifiers, such as name, social security number, telephone number, medical record number, or postal ZIP code. The Privacy Standards apply to all individually identifiable health information regardless of form (electronic, paper or oral) that is stored or transmitted by a covered entity. Health information that has had all identifiers stripped from it, called "de-identified," is not PHI. Certain aggregate health data sets are de-identified. PHI is soon to become a household term. A plaintiff's attorney could make a case that a conversation in a lobby or elevator revealed PHI about a patient.
Requirement - A mandate contained in a law that compels an entity to make a use or disclosure of protected health information and that is enforceable in a court of law.
Rule - A Rule is a document that includes the standards. Each rule started out as a proposed rule, or a document with the status of a Notice of Proposed Rule Making (NPRM).
Standard - A standard is a requirement. Your practice must follow HIPAA standards.
State Law - If it's more stringent than HIPAA, it takes priority over the federal Rule. Talk to your lawyer about state privacy laws.
For a more detailed glossary of HIPAA terms, consult www.hhs.gov/ocr and enter the keywords HIPAA + glossary.