HIPAA at Austin Community College

The purpose of this glossary is to provide definitions of key terms that are frequently used when discussing the HIPAA rule, regulations, policies, and procedures. It is designed to help explain the terms used on this site, but is not intended to be a legal document.

A | B | C | D | E | F | G | H | I J K | L M N O | P Q | R | S | T | U V | W X Y Z

Administrative Simplification:

Title II, Subtitle F, of HIPAA, gives the U.S. Department of Health and Human Services the authority to mandate the use of standards for the electronic exchange of health care data; to specify what medical and administrative code sets should be used within those standards; to require the use of national identification systems for health care patients, providers, payers (or plans), and employers (or sponsors); and to specify the types of measures required to protect the security and privacy of personally identifiable health care information.

Top

BA:

See Business Associate

Top

Biometric Identifier:

An identifier based on some physical characteristic, such as a fingerprint.

Top

Business Associate:

A person or organization that performs a function or activity on behalf of a covered entity, but is not part of the covered entity's workforce. A business associate can also be a covered entity. Examples of business associate activities and functions include, but are not limited to,(a) claims processing or administration, (b) data analysis processing or administration, (c) utilization review, (d) quality assurance, (e) billing, (f) benefits management, (g) practice management, (h) re-pricing and (i) information technology. The business associate may also receive or create protected health information in the course of providing the following types of services to the covered entity: (a) legal, (b) actuarial, (c) accounting, (d) consulting, (e) data aggregation, (f) management, (g) administrative, (h) accreditation or (i) financial.

Top

CDC:

Centers for Disease Control and Prevention

Top

Clearinghouse:

See Health Care Clearinghouse

Top

Components: (ACC College HIPAA)

Covered Entities
- Dental Hygiene and Massage Therapy
Business Associates
- Health Sciences programs
- Health Professions Institute Programs
- Human Services Programs
Non-Business Associates
- Non-Business Associate Educational Departments
- Other ACC Departments

Top

Covered Entity:

Under HIPAA, this is a health plan, a health care clearinghouse, or a health care provider that transmits any health information in electronic form in connection with a HIPAA transaction.

Top

De-identified Information:

Health information that does not contain any elements (as described below in the definition of "protected health information") that have the potential to identify the individual.

Top

DHHS:

The United States Department of Health and Human Services

Top

Designated Record Set:

A group of records that:

Includes medical records and billing records about individuals maintained by or for the health care provider; or

Is used, in whole or in part, by or for the covered entity to make decisions about individuals.

Top

Direct Treatment Relationship:

A treatment relationship between an individual and a health care provider who delivers care directly to the individual.

Top

Disclosure:

The release of information by an entity to persons or organizations outside of that entity.

Top

Educational Activities:

Education conducted through training programs in which students, trainees, or practitioners in the health care field learn under supervision to practice or improve their skills as health care providers and/or training of non-health care professionals.

Top

Electronic Media:

Refers to the mode of electronic transmission. It includes the Internet (wide-open), Extranet (linking information only accessible to collaborating parties), leased lines, dial-up lines, private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media.

Top

Electronic Protected Health Information (EPHI):

Individually identifiable health information that is: (1) transmitted by electronic media (2) maintained in electronic media.

Top

FERPA: Family Educational Rights and Privacy Act

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

Top

Group Health Plan:

Under HIPAA this is an employee welfare benefit plan that provides medical care and that:

Has 50 or more participants (as defined in section 3(7) of ERISA, 29 U.S.C. 1002(7)); or

Is administered by an entity other than the employer that established and maintains the plan.

Top

Health Care:

Means care, services, or supplies related to the health of an individual. Health care includes but is not limited to the following: preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care. Further it can be the assessment or procedure with respect to the physical or mental condition, or functional status of an individual. Sale or dispensing of a drug or device in accordance to a prescription is also termed as health care.

Top

Health Care Clearinghouse:

Under HIPAA, this is an entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements.

Top

Health Care Components: Those parts of a hybrid entity that:

Perform covered functions under the HIPAA Privacy Rule (that is, health care provider, health plan, or health care clearinghouse functions), or
Receive, use, or disclose protected health information in the course of performing support functions for those components performing covered functions (e.g., legal, accounting, internal audit, information technology).

Top

Health Care Operations:

A broad range of business and administrative activities of a covered entity, including but not limited to the following:

Quality assessment and improvement activities;
Education and training of students and other trainees;
Reviewing the competence or qualifications of health care professionals, evaluating provider performance, health plan performance, and training, accreditation, certification, licensing, or credentialing activities;
Conducting or contracting for health care, legal, or audit services; and
Business planning, business management, and general administrative activities.

Top

Health Care Provider:

A provider of medical or health services and any other person or organization who furnishes, bills for, or is paid for health care in the normal course of business.

Top

HHS:

Department of Health and Human Services

Top

Health Information:

Means any information, whether oral or recorded in any form of medium, that:

Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
Relates to the past, present, or future physical or mental health condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

Top

HIPAA:

The Health Insurance Portability and Accountability Act of 1996

Top

Hybrid Entity:

A covered entity whose functions covered by HIPAA are not its primary functions. A covered entity performs both health-related and functions not related to health and has segregated its various functions into health care components and non-health care components for purposes of compliance with the HIPAA Privacy Rule. Austin Community College is a hybrid entity.

Top

Indirect Treatment Relationship:

A relationship between an individual and a health care provider in which:

The health care provider delivers health care to the individual based on the orders of another health care provider; and
The health care provider typically provides services or products, or reports the diagnosis or results associated with the health care, directly to another health care provider, who then provides the services or products or reports to the individual.

Top

Individual:

The subject of protected health information.

Top

Limited Data Set:

Protected health information that excludes the following identifiers of the individual or of the individual's relatives, employers, or household members:

Names;
Addresses, other than town or city, state, and zip code;
Telephone numbers;
Fax numbers;
Electronic mail addresses;
Social Security numbers;
Medical record numbers;
Health plan beneficiary numbers;
Account numbers;
Certificate/license numbers;
Vehicle identifiers and serial numbers (including license plate numbers);
Device identifiers and serial numbers;
Universal Resource Locators (URLs);
Internet Protocol (IP) address numbers;
Biometric identifiers, including finger- and voiceprints; and
Full-face photographic images and any comparable images.

Top

PHI:

Protected health information (see definition below)

Top

Payment :

Compensation or reimbursement for the provision of health care services.

Top

Personal Representative:

Any person authorized under applicable law to act on behalf of the individual with respect to the individual's health care. For example, a personal representative may include the parent or guardian of a minor patient (unless the minor has the authority under Texas law to act on his or her own behalf), the guardian or conservator of an adult patient, or the representative of a deceased patient.

Top

Privacy Rule:

A regulation established under HIPAA which sets national standards for protecting the privacy of certain health information. The Privacy Rule became effective on April 14, 2003, and applies to health plans, health care clearinghouses and health care providers who conduct certain health care transactions electronically.

Top

Protected Health Information (PHI) :

Individually identifiable health information, maintained in any form or medium, that is created or received by a health care provider, health plan, or health care clearinghouse and that relates to:

The past, present or future mental or physical health of the individual;
Provision of health care to the individual; or,
Payment for the provision of health care to the individual.

Protected health information does not include education records covered by the Family Educational Rights and Privacy Act (FERPA) or employment records held by a covered entity in its role as employer. Following are some examples of identifiers, the presence of which cause health information to be protected health information:

Name
Date of birth
Address
Telephone number
Fax number
E-mail address
Social Security number
Medical record number
Account number
Driver's license number
Credit card number
Names of relatives
Name of employer
Health plan beneficiary number
Vehicle or other device serial number
Universal Resource Locator (URL)
Internet Protocol (IP) address numbers,
Finger- or voiceprints
Photographic or digital images
Type of injury, disease or condition
Type of treatment
Date and time of treatment

Protected health information does not include information related to blood banking activities, including procurement, testing, and other procedures.

Top

Research:

A systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge.

Top

Secretary of the DHHS:

The Secretary of the United States Department of Health and Human Services.

Top

SSN:

Social Security number

Top

TPO:

Treatment, payment, and health care operations.

Top

Transaction:

The transmission of information between two parties to carry out financial or administrative activities related to health care. It includes the following types of information transmissions:

Health care claims or equivalent encounter information;
Health care payment and remittance advice;
Coordination of benefits;
Health care claim status;
Enrollment and disenrollment from a health plan;
Eligibility for a health plan;
Health plan premium payments;
Referral certification and authorization;
First report of injury;
Health claims attachments; and
Other transactions that the Secretary may prescribe by regulation.

Top

Treatment:

The provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers (relating to a patient); or the referral of a patient for health care (from one health care provider to another.)

Top

Use:

With respect to protected health information, the sharing, employment, application, utilization, examination, or analysis of such information within the Austin Community College Covered Entity.

Top

Workforce:

A covered entity's employees, faculty, staff, volunteers, trainees, and other persons whose conduct, in the course of work for the covered entity, is under the covered entity's direct control, whether or not they are paid by the covered entity.

Top

References:

Top