Regulatory Glossary

18 Identifiers which make up PHI
- Name
- Address (all geographic subdivisions smaller than state, including street address, city, county, and zip code)
- All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)
- Telephone numbers
- Fax number
- Email address
- Social Security Number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate or license number
- Any vehicle or other device serial number
- Web URL
- Internet Protocol (IP) Address
- Finger or voice print
- Photographic image - Photographic images are not limited to images of the face.
- Any other characteristic that could uniquely identify the individual

Accounting of Disclosures
Under the Privacy Rule, patients have the right to receive a listing, known as an Accounting of Disclosures, of their information that is disclosed to others by their physician.

Administrative Safeguards
Administrative Safeguards are administrative actions, policies, and procedures to prevent, detect, contain, and correct security violations. Administrative safeguards involve the selection, development, implementation, and maintenance of security measures to protect ePHI and to manage the conduct of workforce members in relation to the protection of that information.

Administrative Simplification
The goal of Title I of the HIPAA legislation. By creating National standards, the Federal Government strove to create one format for each type of health care transaction in an attempt to alleviate the administrative burden of servicing multiple formats.

ADT System Flag
Admission, Discharge, Transfer (ADT) notification is widely regarded as a keystone to improving patient care coordination through health information exchange. ADT messages are sent when a patient is admitted to a hospital, transferred to another facility, or discharged from the hospital. Alerts are then sent to update physicians and care management teams on a patient’s status, thus improving post‐discharge transitions, prompting follow‐up, improving communication among providers, and supporting patients with multiple or chronic conditions.

American Health Information Management Association (A.H.I.M.A.)
The American Health Information Management Association is a professional organization for the field of effective management of the health data and medical records needed to deliver quality healthcare to the public. Source = http://www.ahima.org/

American Recovery and Reinvestment Act of 2009 (A.R.R.A.)
Important law passed that led to the H.I.T.E.C.H. act, which came into effect 2/23/2010. H.I.T.E.C.H. made it so BAs are required to meet the same privacy and security compliance regulations as Covered Entities. BAs were now also subject to penalties.

Attest/Attestations
Affirm in an Official fashion. In regards to HIPAA Policy and Procedure(s) this means one has agreed to the terms set before them in writing and understands them.

Audit
An official examination and verification of accounts and records.

Authorization
Managed Care Organization approval necessary prior to the receipt of care. Generally, this is different from a referral in that an authorization can be a verbal or written approval from the Managed Care Organization, whereas a referral is generally a written document that must be received by a doctor before giving care to the beneficiary.

Authorization Restrictions
Patients have a right to restrict authorizations. They can authorize the release of all or only a portion of their information. Also, patients can revoke authorization.

Availability of PHI
HIPAA called on the Secretary of HHS to issue security regulations regarding measures for protecting the integrity, confidentiality, and availability of e-PHI that is held or transmitted by covered entities. In short, a patient must have access to their records upon request. This is regardless of a natural disaster which may affect the facility, for example. Procedures must be put into place in order to ensure patients always have access to their PHI.

Benchmarking
The measurement of performance against 'best practice' standards. Source = Compliance 101, 3rd Ed., published by HCCA, pg. 134

Best Practice Standards
Generally recognized superior performance by organizations in operational and/or financial processes. Source = Compliance 101, 3rd Ed., published by HCCA, pg. 134

Breach
Means the acquisition, access, use, or disclosure of protected health information in a manner not permitted that compromises the security or privacy of the PHI.

Business Associate (B.A.)
By law, the HIPAA Privacy Rule applies only to covered entities – health plans, health care clearinghouses, and certain health care providers. However, most health care providers and health plans do not carry out all of their health care activities and functions by themselves. Instead, they often use the services of a variety of other persons or businesses. The Privacy Rule allows covered providers and health plans to disclose protected health information to these “business associates” if the providers or plans obtain satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with some of the covered entity’s duties under the Privacy Rule. Covered entities may disclose protected health information to an entity in its role as a business associate only to help the covered entity carry out its health care functions – not for the business associate’s independent use or purposes, except as needed for the proper management and administration of the business associate. Source = http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/

Business Associate Agreement (B.A.A.)
A written agreement between a Covered Entity and a Business Associate which states that both sides will do all they can to maintain safety of PHI and that minimal information to complete a job will be disseminated to the Business Associate. As per Omnibus in 2013 the Business Associate agrees to also be HIPAA Compliant and the Covered Entity assumes risk if the Business Associate has a breach.

Centers for Medicaid and Medicare Services (C.M.S.)
The Centers for Medicare & Medicaid Services, CMS, is part of the Department of Health and Human Services (HHS). The programs they administer include: Medicare, Medicaid, the Children’s Health Insurance Program (CHIP), and the Health Insurance Marketplace. Source = https://www.cms.gov/About-CMS/About-CMS.html

Civil Monetary Penalties Law (C.M.P.L.)
Regulations which apply to any claim for an item or service that was not provided as claimed or that was knowingly submitted as false and which provides guidelines for the levying of fines for such offenses. Source = Compliance 101, 3rd Ed., published by HCCA, Pg. 135

Clean Desk Policy
A Clean Desk Policy means that you have instituted a rule that anything which may potentially contain a Patient’s PHI is removed from an Employee’s workstation when they are no longer near it.

Code of Federal Regulations (C.F.R.)
The Code of Federal Regulations (CFR) is an annual codification of the general and permanent rules published in the Federal Register by the executive departments and agencies of the Federal Government. Source = http://www.archives.gov/federal-register/cfr/about.html

Code Set
Under HIPAA, this is any set of codes used to encode data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes. This includes both the codes and their descriptions.

Computerized Provider Order Entry (C.P.O.E.)
Refers to any system in which clinicians directly enter medication orders (and, increasingly, tests and procedures) into a computer system, which then transmits the order directly to the pharmacy.

Confidentiality of PHI
HIPAA called on the Secretary of HHS to issue security regulations regarding measures for protecting the integrity, confidentiality, and availability of e-PHI that is held or transmitted by covered entities. In short, we keep everything private and confidential at all costs.

Contingency Plan
The Centers for Medicare and Medicaid Services (CMS) define a contingency plan as “an alternate way of doing business when established routines are disrupted.” CMS offers the following seven steps as general guidelines for creating that plan: (1) assess your situation, (2) identify risks, (3) formulate an action plan, (4) decide if and when to activate your plan, (5) communicate the plan, (6) test your plan, and (7) treat your contingency plan as an evolving process. In addition to planning against disruptions in routines, healthcare entities are required to develop a HIPAA security contingency plan in the event of a security breach that jeopardizes PHI.

Corporate Integrity Agreement (C.I.A.)
A negotiated settlement between an organization and the government in which the provider accepts no liability but must agree to implement a strict plan of government-supervised corrective action. Source = Compliance 101, 3rd Ed., published by HCCA, pg. 135

Covered Entity
A Covered Entity is one of the following -

Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes and Pharmacies are all Covered Entities but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.

Health Plans are also Covered Entities and include: Insurance Companies, HMOs, Company Health Plans, and Government Programs that pay for health care, such as Medicare, Medicaid and the Military/Veterans health care programs.

Also, a Health Care Clearinghouse would be considered a Covered Entity and includes establishments that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.


Data at Rest
Data at rest is a term for the files which reside on your computer. While at rest, files which contain PHI must be encrypted in case anyone penetrates your network and gains remote access.

Data in Motion
Data in motion is a term for files which travel from terminal to terminal. While in motion, files which contain PHI must be encrypted in case anyone penetrates the network on the side of either the sender or the recipient.

De-Identification of PHI
Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is de-identified.

Designated Record Set
1. A group of records maintained by or for a covered entity, that is:
   i. The Medical and Billing records about individuals maintained by or for the covered health care provider
   ii. The enrollment, payment, claims adjudication and case or medical management records systems maintained by or for a health plan
   iii. Used, in whole or in part, by or for the covered entity to make decisions about individuals.
2. For purposes of the paragraph above, the term record means any item that includes protected health information and is maintained, collected, used or disseminated by or for a covered entity.
Source = Compliance 101, 3rd Ed., published by HCCA, Pg. 136

Disclosure
The release, transfer, provision of, access to, or divulging in any other manner of information outside the entity holding the information. Source = Compliance 101, 3rd Ed., published by HCCA, Pg. 137

Effective Date
Under HIPAA, this is the date that a final rule is effective, which is usually 60 days after it is published in the Federal Register. Source = https://www.cms.gov/apps/glossary/default.asp?Letter=E&Language=English

Electronic Data Interchange (E.D.I.)
Electronic Data Interchange (E.D.I.) is the electronic interchange of business information using a standardized format; a process which allows one company to send information to another company electronically rather than with paper.

Electronic Health Record (E.H.R.)/Electronic Medical Record (E.M.R.)
An electronic version of a patient's medical history.

Electronic Protected Health Information (ePHI)
Refers to any PHI that is covered under HIPAA security regulations and is produced, saved, transferred or received in an electronic form.

Encryption
Encryption is the purposeful modification of source material to render it unreadable to unintended parties. Encryption is not exactly a requirement under the HIPAA rule. However, you are required to address anything which is reasonable and manageable. For that reason, we always recommend full disk encryption and the utilization of encrypted email.

Facility Access Controls
Facility Access Controls establish protocols for securing facilities that contain Electronic Protected Health Information (ePHI). You shall reasonably safeguard ePHI from any intentional or unintentional use or disclosure. You shall also protect your facilities where ePHI can be accessed. Also, you shall safeguard your facilities and the equipment therein from unauthorized physical access, tampering and theft. Your Compliance Officers shall annually audit facilities to ensure that ePHI safeguards are continuously being maintained.

False Claims Act
Originally adopted by the US Congress in 1863 during the Civil War to discourage suppliers from overcharging the federal government, legislation that prohibits anyone from knowingly submitting or causing to be submitted a false or fraudulent claim. Source = Compliance 101, 3rd Ed., published by HCCA, Pg. 137

Family Educational Rights and Privacy Act (F.E.R.P.A.)
FERPA gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. The HIPAA Rules do not apply to individually identifiable health information in your practice’s employment records or in records covered by the Family Educational Rights and Privacy Act (FERPA), as amended.

Federal Register
The 'Federal Register' is the official daily publication for rules, proposed rules and notices of federal agencies and organizations, as well as Executive Orders and other Presidential documents. Source = https://www.cms.gov/apps/glossary/default.asp?Letter=F&Language=English

Genetic Information Nondiscrimination Act (G.I.N.A.)
The Act prohibits group health plans and health insurers from denying coverage to a healthy individual or charging that person higher premiums based solely on a genetic predisposition to developing a disease in the future.

Health and Human Services (H.H.S.)
HHS is the Cabinet-level department of the Federal executive branch most involved with the Nation's human concerns. They are the over-arching Governmental body who manages and enforces the HIPAA rule (sic). Source = https://www.federalregister.gov/agencies/health-and-human-services-department

Health Information Exchange (H.I.E.)
Health Information Exchange allows health care professionals and patients to appropriately access and securely share a patient’s vital medical information electronically. There are many health care delivery scenarios driving the technology behind the different forms of health information exchange available today. Source = https://www.healthit.gov/HIE

Health Information Organization (H.I.O.)
Health information organizations (H.I.O.) are U.S. government-led non-profit health organizations that provide information about the American Recovery and Reinvestment Act (A.R.R.A.) of 2009 as it pertains to electronic health records (E.H.R.s) development for incentive payments. These organizations focus on the importance of and instruction for interoperability and the exchange of E.H.R.s among medical facilities as per the A.R.R.A. H.I.O.s can function at the Federal, State and Local level.

Health Information Technology
Health Information Technology (Health IT) makes it possible for health care providers to better manage patient care through secure use and sharing of health information. Health IT includes the use of electronic health records (EHRs) instead of paper medical records to maintain people's health information. Source = https://www.healthit.gov/

Health Information Technology for Economic and Clinical Health Act (H.I.T.E.C.H.)
Enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA). HITECH is designed to encourage health care providers to adopt health information technology that establishes electronic health records in a standardized manner that protects patients' private health information. In addition, it requires the Department of Health and Human Services (HHS) to modify the HIPAA Privacy, Security, and Enforcement Rules to strengthen health information privacy and security protections. Source = Compliance 101, 3rd Ed., Published by the HCCA, Pg. 140

Health Insurance Portability and Accountability Act (H.I.P.A.A.)
A regulation to guarantee patients new rights and protections against the misuse or disclosure of their health records.

Healthcare Clearinghouse
A public or private entity that does either of the following (Entities, including but not limited to, billing services, repricing companies, community health management information systems or community health information systems, and "value-added" networks and switches are health care clearinghouses if they perform these functions): 1) Processes or facilitates the processing of information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction; 2) Receives a standard transaction from another entity and processes or facilitates the processing of information into nonstandard format or nonstandard data content for a receiving entity. Source = https://www.cms.gov/apps/glossary/default.asp?Letter=H&Language=English

Healthcare Information and Management Systems Society (H.I.M.S.S.)
HIMSS is a global, cause-based, not-for-profit organization focused on better health through information technology (IT). HIMSS leads efforts to optimize health engagements and care outcomes using information technology. Source = http://www.himss.org/

Helpline/Hotline
A common reporting system, administered in-house or by outside consultants, giving anonymous telephone access to employees seeking to report possible instances of wrongdoing. Source = Compliance 101, 3rd Ed., Published by the HCCA, Pg. 142

Hybrid Organizations
There are Covered Entities and Non-Covered Entities. There is also a third designation, the Hybrid Covered Entity. This is a single legal entity that has at least one component that performs functions which would qualify as a H.I.P.A.A. C.E., such as providing health care or performing a clearinghouse role, and yet the larger Organization performs other functions which have nothing to do with the Health Care Industry.

Identifiers
National Standards that identify payers, providers, employers and individuals for error free identification in electronic transactions.

Incident
The attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

Individually Identifiable Health Information (I.I.H.I.)
Information that identifies, or can reasonably be used to identify the individual.

Inspector General
An officer of a federal agency whose primary function is to conduct and supervise audits and investigations relating to operations and procedures over which the agency has jurisdiction. Source = Compliance 101, Ed. 3, Published by HCCA, Pg. 142

Integrity of PHI
HIPAA called on the Secretary of HHS to issue security regulations regarding measures for protecting the integrity, confidentiality, and availability of e-PHI that is held or transmitted by covered entities. In short, you must ensure that the data containing PHI which is received comes from the expected source and is accurate.

Local Area Network (L.A.N.)
A Local Area Network, or L.A.N., is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, doctor's office. Ethernet and Wi-Fi connections are the most common examples of this.

Managed Care Organization (M.C.O.)
An organization that combines the functions of health insurance, delivery of care, and administration.

Minimum Necessary Standard
Except for disclosures to other health care providers for treatment purposes, you must make reasonable efforts to use or disclose only the minimum amount of PHI needed to accomplish the intended purpose of the use or disclosure.

National Instant Criminal Background Check System (N.I.C.S.)
On January 4, 2016, the Department of Health and Human Services (HHS) moved forward on the Administration’s commitment to modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to expressly permit certain covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of those individuals who, for mental health reasons, already are prohibited by Federal law from having a firearm. Source = http://www.hhs.gov/hipaa/for-professionals/special-topics/NICS/index.html

National Provider Identifier (N.P.I.)
The National Provider Identifier (N.P.I.) is a Health Insurance Portability and Accountability Act (H.I.P.A.A.) Administrative Simplification Standard. The N.P.I. is a unique identification number for covered health care providers. Covered health care providers and all health plans and health care clearinghouses must use the N.P.I.s in the administrative and financial transactions adopted under H.I.P.A.A. The N.P.I. is a 10-position, intelligence-free numeric identifier (10-digit number). This means that the numbers do not carry other information about healthcare providers, such as the state in which they live or their medical specialty. The N.P.I. must be used in lieu of legacy provider identifiers in the H.I.P.A.A. standards transactions.

Notice of Privacy Practices (N.P.P.)
This is a required document under the privacy rule. It essentially informs the patient of how you will keep their information private, via the practices upheld stemming from the privacy rule. This document must be provided upon intake and made readily available if someone wishes to take one with them. Aside from that, wall hangings are necessary to comply in this fashion. Last, if you have a website, you MUST post your N.P.P. there.

Notice of Proposed Rulemaking (N.P.R.M.)
A public notice issued by law when one of the independent agencies of the United States government wishes to add, remove, or change a rule or regulation as part of the rulemaking process. The HITECH Act is an example of where the NPRM was used to change the HIPAA Rule.

Office of Civil Rights (O.C.R.)
Through the federal civil rights laws and Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, OCR protects your fundamental nondiscrimination and health information privacy rights by: A) Teaching health and social service workers about civil rights, health information privacy, and patient safety confidentiality laws, B) Educating communities about civil rights and health information privacy rights, and C) Investigating civil rights, health information privacy, and patient safety confidentiality complaints to identify discrimination or violation of the law and take action to correct problems. Source = http://www.hhs.gov/ocr/about-us/index.html

Opt Out Rule
Requires a Covered Health Provider that intends to send treatment communications to individuals, and has received financial remuneration in exchange for making the communication, to notify individuals of this intention in its N.P.P. and to inform them they can opt out of receiving such notifications.

Organizational Standards
These standards require a CE to have contracts or other arrangements with BAs that will have access to the CE’s ePHI. The standards provide the specific criteria required for written contracts or other arrangements.

Personal Health Record (P.H.R.)
An individual may request that you transmit PHI in your records to his or her Personal Health Record (PHR) or to another physician. Your EHR developers, as your BAs, must cooperate in this obligation.

Personal Representatives
Someone acting on behalf of a patient who is unable to speak for themselves can exercise all H.I.P.A.A. rights guaranteed to the individual.

Personally Identifiable Information (P.I.I.)
Information which can be used to distinguish or trace an individual’s identity, such as their name, Social Security Number, biometric records, etc., alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. Source = http://www.hhs.gov/ocio/securityprivacy/awarenesstraining/privacyawarenesstraining.pdf

Physical Safeguards
These safeguards are physical measures, policies, and procedures to protect electronic information systems and related buildings / equipment from natural and environmental hazards / unauthorized intrusion. These safeguards are the technology and the policies and procedures for its use that protect ePHI and control access to it.

Place of Service (POS) Codes
Place of Service Codes are two-digit codes placed on health care professional claims to indicate the setting in which a service was provided. The Centers for Medicare & Medicaid Services (CMS) maintain POS codes used throughout the health care industry.

Policies and Procedures
An integral part of your HIPAA compliance plan. Policies and procedures are what will save you in the case of an audit. Written procedures are the correct way to go about doing things in a compliant manner. Written policies are your proof that you ARE doing the right thing procedurally and are your evidence that you were doing the right thing all along.

Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. Source = http://www.hhs.gov/hipaa/for-professionals/privacy/index.html

Procedure Code System (P.C.S.)
Another frequently used code group is Diagnostic and Procedure Codes. These are used by the provider to designate exactly what illness was diagnosed or what treatment was given during the patient event (visit).

Protected Health Information (P.H.I.)
Individually identifiable health information held or transmitted by a CE or its BA, in any form or media, whether electronic, paper, or oral.

Record Keeping
Records must be retained for a minimum of six years from date created, or when last in effect.

Regional Extension Center (R.E.C.)
The Office of the National Coordinator for Health Information technology (ONC) has funded 62 Regional Extension Centers (RECs) to help more than 100,000 primary care providers adopt and use electronic health records (EHRs). Providers do not have to become technology experts to achieve meaningful use of EHRs; RECs will provide them with on-the-ground assistance. REC services include outreach and education, EHR support (such as working with vendors, or helping providers choose a certified EHR system), and technical assistance in implementing health IT and using it in a meaningful way to improve care. Source = https://www.healthit.gov/providers-professionals/listing-regional-extension-centers

Safeguard(s)
The Safeguards Principle in the Privacy and Security Framework emphasizes that trust in electronic health information exchange can only be achieved if reasonable administrative, technical, and physical safeguards are in place. The HIPAA Privacy Rule supports the Safeguards Principle by requiring covered entities to implement appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI). See 45 C.F.R. § 164.530(c). Source = http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/healthit/safeguards.pdf

Sanction Policy (Required)
Apply appropriate penalties against workforce members who fail to comply with the security policies and procedures of the entity. Employees need to know that violation of these Federal policies will have repercussions from their employer, up to and including the possibility of termination.

Security Officer
The Security Officer is the point person for any security related concerns or questions. They are responsible for oversight of HIPAA Security Rule implementation by departments and have the ultimate task of ensuring HIPAA Security Rule policies are implemented and followed. This does not need to be the most technically-inclined person within your Organization. It needs to be someone with enough authority to delegate tasks related to security (usually to your IT team).

Security Risk Assessment (S.R.A.)
Will guide you through a systematic examination of many aspects of your health care practice to identify potential security weaknesses and flaws.

Security Rule
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Source = http://www.hhs.gov/hipaa/for-professionals/security

Stricter Standard
The Stricter Standard is intended for when State and Federal Laws conflict. In this circumstance, utilize the standard which is more stringent to be on the safe side.

Strong Password
A Strong Password is something not immediately obvious to an outside individual. A Strong Password must be at least 8 characters and contain one capital letter, a number and a special character.

Technical Due Diligence
The Law states that any associate to your Organization with whom you share electronic PHI requires vetting. This means that when sharing ePHI, certain assurances must be gained before sharing can commence. This vetting process will mitigate your liability and exposure. Essentially, you are double checking your associate in order to make sure they know the appropriate way to handle your ePHI (electronic protected health information).

Technical Safeguards
The Security Rule defines technical safeguards in § 164.304 as, “The technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” Source = http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf

The Seven Fundamentals of an Effective Compliance Plan
The Office of Inspector General (O.I.G.) created this list below in order to inform what is necessary to have a full-functioning compliance plan:
1. Implementing written policies, procedures and standards of conduct.
2. Designating a compliance officer and compliance committee.
3. Conducting effective training and education.
4. Developing effective lines of communication.
5. Conducting internal monitoring and auditing.
6. Enforcing standards through well-publicized disciplinary guidelines.
7. Responding promptly to detected offenses and undertaking corrective action.

Title I
Title I deals with Insurance Portability. It is important to us as individuals because it protects us from the possibility of losing coverage from our existing insurance company and it enables us to move to another provider more easily if we find a better rate for the same or more extensive coverage.

Title II
Title II addresses Administrative Simplification. It deals with Fraud, Waste and Abuse, medical liability reform, Electronic Data Interchange (E.D.I. - Transaction and Code Sets), Identifiers, Privacy and Security.

Title III
Title III covers the tax related health provisions (tax changes).

Title IV
Title IV explains the application and enforcement of Group Health Plan requirements.

Title V
Title V addresses revenue offsets. Previously the only alternative was COBRA.

Transactions and Code Sets
National standards for electronic health care transactions, codes and identifiers that allow compatible formats between healthcare providers and health care plans.

Treatment, Payment and Healthcare Operations (T.P.O.)
The primary areas where health care workers will need to use patients' protected health information. Source = Compliance 101, Ed. 3, Published by HCCA, Pg. 147

United States Code (U.S.C.)
The United States Code is a consolidation and codification by subject matter of the general and permanent laws of the United States. It is prepared by the Office of the Law Revision Counsel of the United States House of Representatives. Source = http://uscode.house.gov/

Upcoding
A main focus of the OIG (Office of Inspector General) is on preventing fraud such as Upcoding. Upcoding is the act of using billing codes that provide a higher rate than the services performed. Recently, under the HIPAA rule, Civil/Monetary penalties have been introduced for acts such as Upcoding.

Uses
The HIPAA definition of Use means, with respect to individually identifiable health information (I.I.H.I.), the sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information.

Vendor
Any person or organization that you pay money to for a specific task that is not a member of your direct staff. Vendors may include 'regular' vendors, such as members of a Cleaning Crew, or Business Associates (such as your Clearinghouse, or IT Specialist).

Wide Area Network (W.A.N.)
A Wide Area Network, or W.A.N., is a telecommunications, or computer network that extends over a large geographical distance.

