HIPAA Quick Reference Guide For Employees
What is "PHI"?
Protected Health Information is health information about a patient held
by health care providers and health plans. This includes things
like:
- Patient's medical record number
- Patient's demographic information (e.g. address, telephone number)
- Information doctors, nurses and other health care providers put
in a patient's medical record
- Images of the patient
- Conversations a doctor has about a patient's care or treatment
with nurses and others
- Information about a patient in a doctor's computer system or a
health insurer's computer system
- Billing information about a patient at a clinic
Thinking about it another way, Protected Health Information (PHI) is
any health information that can lead to the identity of an individual,
or whose contents can be used to make a reasonable assumption as to
the identity of the individual.
What is meant by "use"?
Use means, with respect to individually identifiable health
information, any sharing, application, utilization, examination, or
analysis of such information within the physician practice, hospital,
or clinic that maintains such information.
What is "disclosure"?
Disclosure is the release, transfer, provision of access to, or
divulging of health information in any manner outside the Medical
Center.
What does HIPAA mean by "treatment"?
Treatment is when a health care professional provides, coordinates or
manages the health care services of one or more providers. This
includes coordinating or managing the care with someone outside the
Medical Center, consulting with other providers or referring the
patient for health care to another provider.
What does HIPAA mean by "payment"?
Under HIPAA, payment means the activities we perform to get reimbursed
for the health care services we have provided. Examples include
determining eligibility of coverage, billing, claims management,
collection activities, review of health care services with respect to
medical necessity, utilization review activities and disclosure to
consumer reporting agencies in an effort to collect reimbursement.
What does HIPAA mean by "health care operations"?
Under HIPAA, health care operations include activities that ensure our
effective business operations. These include, but are not limited
to:
- Conducting quality assessment and improvement activities
- Reviewing the competence or qualifications of health care
professionals, evaluating practitioner and provider performance,
health plan performance, conducting training programs, accreditation,
certification, licensing, or credentialing activities
- Conducting or arranging for medical review, legal services, and
auditing functions, including fraud and abuse detection and compliance
programs
- Business planning and development, such as conducting
cost-management and planning-related analyses related to managing and
operating the entity, including formulary development and
administration, development or improvement of methods of payment
What is "authorization"?
An Authorization is an individual's signed permission to allow
healthcare professionals to Use or Disclose their protected health
information (PHI) for reasons generally not related to treatment,
payment or health care operations. The Authorization must
include: a detailed description of the PHI elements to be disclosed,
the person who will make the disclosure, the person or entity to which
the disclosure will be made, an expiration date, and the purpose for
which their PHI will be used.
What is "OCR"?
OCR is the acronym for the U.S. Office for Civil Rights. The OCR
is responsible for enforcement of the HIPAA Privacy regulations.