Business Associate Agreement Covered Entities (CE) Electronic Data Interchange (EDI) Electronic Health Records (EHR) Electronic Protected Health Information (EPHI) Healthcare Clearinghouse Health Information Healthcare Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and Clinical Health (HITECH) HIPAA [..]

Anyone who has access to patient information, whether directly, indirectly, physically or virtually. Additionally, any organization that provides support in the treatment, payment or operations is considered a business associate, i.e. an IT company or a billing and claims processing company. Other examples include a document destruction company, a [..]

Anyone who provides treatment, payment and operations in healthcare. It could include a doctor’s office, dental office, clinics, psychologist, nursing home, pharmacy, hospital or home healthcare agency. This also includes health plans, health insurance companies, HMOs, company health plans and government programs that pay for health care. Health cl [..]

The communication or exchange of business documents between companies via computer.

Electronic health records are any electronic record of patient health information generated within a clinical institution or environment, such as a hospital or doctor’s office. This may include medical history, laboratory results, immunizations, demographics, etc.

Patient information collected by a health plan, health care provider, public health authority, employer, healthcare clearinghouse or other organization that falls under covered entity.

Established by the American Recovery and Reinvestment Act of 2009 (ARRA), the tiered civil penalty structure below determines the cause and consequences of the HIPAA breaches. The Secretary of the Department of Health and Human Services has the ability to ultimately determine fines and penalties due to the extent of the violation on a case-by-case [..]

An organization is in violation, but they have taken every possible step they could have foreseen to prevent that. Minimum fine: $100 per incident with annual maximum of $25,000 for repeat violations Maximum fine: $50,000 per violation with annual maximum of $1.5 million for repeat violations

There are two types of willful neglect. The first is when a company clearly ignores the HIPAA law but corrects their mistake within the given amount of time. Minimum fine: $10,000 per incident with annual maximum of $1.5 million for repeat violations Maximum fine: $50,000 per violation with annual maximum of $1.5 million for repeat violations The s [..]

A subset of health information, this includes demographic information about an individual’s health that identifies or can be used to identify the individual. This includes name, address, date of birth, etc.