From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification and securing of protected health information. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register and citation to the Code of Federal Regulations (CFR). We begin the first series of postings with definitions from “Health…
Tag: Security
Word of the Day: Data Authentication
Data Authentication: The corroboration that data have not been altered or destroyed in an unauthorized manner.
HIPAA ‘Protected Health Information’: What Does PHI Include?
HIPAA.com has received from its readers requests for information on topics related to HIPAA Administrative Simplification Privacy and Security Rules and to updates to those rules reflected in the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009. Of particular interest to readers is: what exactly is protected health information (PHI)? Protected Health Information To get to protected health information, you have to examine two definitions that were in Section 1171 of Part C of Subtitle F of Public Law 104-191 (August 21, 1996): Health Insurance Portability and Accountability Act of 1996: Administrative Simplification. These statutory definitions are of…
Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information
Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human Services Numerous forces are driving the health care industry towards the use of health information technology, such as the potential for reducing medical errors and health care costs, and increasing individuals’ involvement in their own health and health care. To facilitate this advancement and reap its benefits while reducing the risks, it is important to consider individual privacy interests together with the potential benefits to population health. Download (Requires Acrobat Reader)
HHS’s Health IT Policy Committee 2011 Draft Meaningful Use Objectives and Measures for Public Comment
The HITECH Act of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, provides an electronic health record (EHR) adoption incentive program for healthcare providers who adopt certified electronic health records and use them in a meaningful way to improve patient care. The incentive program begins in January 2011 and terminates at the end of 2014 for new adopters of certified electronic health record technology. HHS’ Health Information Technology (IT) Policy Committee released on June 16, 2009, two documents pertaining to the definition of “meaningful use” for public comment by 5 PM ET, Friday, June 26, 2009. These documents are the Meaningful Use…
HHS’s HIT Policy Committee Releases Draft Recommendations on Meaningful Use for Public Comment
The HITECH Act of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, provides an electronic health record (EHR) adoption incentive program for healthcare providers who adopt certified electronic health records and use them in a meaningful way to improve patient care. The incentive program begins in January 2011 and terminates at the end of 2014 for new adopters of certified electronic health record technology. HHS’ Health Information Technology (IT) Policy Committee released on June 16, 2009, two documents pertaining to the definition of “meaningful use” for public comment by 5 PM ET, Friday, June 26, 2009. These documents are the Meaningful Use…
HITECH Privacy Provisions Include HIPAA Privacy Definitions and New or Broadened Concepts
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…
The Definition of Vendor of Personal Health Records
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…
The Definition of Use
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…
The Definition of Treatment
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…