

Dentalgram
May 2002


Health Insurance Portability & Accountability Act—
Essential HIPAA Terminology

Understanding the HIPAA regulations will be easier if you understand the following items:

Protected health information (PHI). HIPAA regulations apply to “protected health information,” that is, medical information that contains any of a number of patient identifiers including name, Social Security number, telephone number, medical record number, or ZIP code. The regulations protect all individually identifiable health information in any form (electronic, paper-based, oral) that is stored or transmitted by a covered entity.

Covered entities. Any health-care providers, health plans, or clearinghouses that electronically transmit medical information such as billing, claims, enrollment, or eligibility verification must meet HIPAA regulations. Covered entities also include medical practices (including solo practices), employers, rehabilitation centers, nursing homes, public health authorities, life insurance agencies, billing agencies and some vendors, service organizations, and universities.

Business associates. Covered entities cannot circumvent HIPAA regulations by using a “business associate,” such as a billing service or other agency, to handle their electronic transactions. HIPAA requires covered entities to verify that their business associates and partners have security measures in place and technology sufficient to avoid accidental disclosure or mishandling of individually identifiable health information. Business associates must also abide by HIPAA regulations, for example, by ensuring that the individuals who are the subject of the information have access to it.

Privacy. HIPAA regulations protect an individual’s right to the privacy of his/her medical information to keep it from falling into the hands of people who would use it for commercial advantage, personal gain, or malicious harm. HIPAA privacy regulations require providers to obtain a signed consent form to use and disclose PHI for activities related to treatment, payment, and health-care operations, and to obtain a separate authorization to use or disclose PHI for any other purposes (e.g., marketing).

Security. Security refers to a covered entity’s specific efforts to protect the integrity of the health information it holds, and prevent unauthorized breaches of privacy such as might occur if data are lost or destroyed by accident, stolen by intent, or sent to the wrong person in error. Security measures can be physical (e.g., locking rooms and storage facilities), administrative (e.g., policies and procedures covering access to information, user IDs and passwords, or punishments for violations of these), or technological (e.g., encryption of electronic data and use of digital signatures to authenticate users logging into a computer system).

 




All contents copyright © 2001 Loma Linda University.
All rights reserved. Revised February 14, 2001
