Some Basic Information:
HIPAA stands for the Health Insurance Portability and Accountability Act. It
is a federal regulation that protects the privacy of a patient’s healthcare
information. Electronic transaction regulations took effect in October 2002
and the privacy component of HIPAA in April 2003.
Key Terms and Concepts:
PHI - PHI stands for Protected Health Information. This includes any information
that can identify a particular individual with a particular health condition.
IIHI – IIHI stands for Individually Identifiable Health Information.
This also includes PHI plus any other identifying information about an individual
that could be connected with a person’s condition or with their particular
healthcare facility. IIHI can include email or URL, patient identifier number
such as the account number or a medical record number, a finger print, voice
print, or other biometric form of identification. A patient’s signature
is also considered IIHI.
Covered Entity (CE)- This is the facility where the patient is seen. Any health
care provider conducts electronic transactions is considered a Covered Entity
for HIPAA purposes.
Business Associate (BA)- A Business Associate is any business or individual
that provides a service to the Covered Entity to help him process or maintain
the PHI. The BA must have a specific contract identifying how the policies and
procedures of the BA will help to protect and keep confidential the PHI violation
when in their custody.
Chain of Trust - This is a pattern of documentation required by HIPAA to link
PHI to whoever has had access to it for a period not less than six (6) years.
Section 1175(b)(1)(A) of HIPAA requires all covered entities other than small health plans to comply with a standard or implementation specification “not later than 24 months after the date on which an initial standard or implementation specification is adopted or established” (April 21, 2005); Section 1175(b)(1)(B), however, provides that small health plans must comply not later than 36 months after that date (April 26, 2006). Small health plans are companies that meet the definition of a small business, under the Small Business Association's rules, w/ annual receipts of less than $5 million.