HIPAA Information Access Management Policies Profile, v1.0

Profile of HIPAA Information Access Management (per 45 CFR Section 164.308(a)(4)) requirements for policies for authorizing access to e-PHI.
Identifier https://artifacts.trustmarkinitiative.org/lib/tips/hipaa-information-access-management-policies-profile/1.0/
Publication Date 2017-02-17
Issuing Organization
No Responder help@trustmarkinitiative.org 404-407-8956 75 5th Street NW, Suite 900, Atlanta, GA 30308
Keywords There are no keywords.
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Loading...

Trust Expression:

TD_InformationAccessManagementIsolatingHealthCareClearinghouseFunctionsPolicies and TD_InformationAccessManagementAccessAuthorizationPolicies and TD_InformationAccessManagementAccessEstablishmentandModificationPolicies

References (3)

 TD  Information Access Management - Isolating Health Care Clearinghouse Functions Policies, v1.0
Description Specifies that if an organization is a health care clearinghouse that is part of a larger organization, the clearinghouse must have policies that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization.
ID TD_InformationAccessManagementIsolatingHealthCareClearinghouseFunctionsPolicies
Provider Reference
 TD  Information Access Management - Access Authorization Policies, v1.0
Description Specifies that a health care related organization must have policies for granting access to electronic protected health information.
ID TD_InformationAccessManagementAccessAuthorizationPolicies
Provider Reference
 TD  Information Access Management - Access Establishment and Modification Policies, v1.0
Description Specifies that a health care related organization must have policies that, based upon the organization's access authorization policies, establish, document, review, and modify a user's right of access to a workstation.
ID TD_InformationAccessManagementAccessEstablishmentandModificationPolicies
Provider Reference

Terms (7)

Term Name Abbreviations Definition
Business Associate BA Covered entities engage "business associates" to work on their behalf. A business associate is a person (not part of the workforce of the covered entity) or organization that creates, receives, maintains, or transmits protected health information on behalf of the covered entity.
Covered entities must have contracts or other arrangements in place with their business associates to ensure that the business associates safeguard protected health information, and use and disclose the information only as permitted or required by the Privacy Rule.
A covered entity may be a business associate of another covered entity.
Covered Entity CE The Administrative Simplification provisions of HIPAA apply to three types of entities, which are known as "covered entities": 1) health care providers if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard, 2) health plans, and 3) health care clearinghouses.
A covered entity may be a business associate of another covered entity.
Disclosure Disclosure means the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.
Electronic Protected Health Information e-PHI Electronic protected health information means protected health information (PHI) that is transmitted by electronic means or maintained in electronic media.
Health Insurance Portability and Accountability Act of 1996 HIPAA The HIPAA law includes Administrative Simplification provisions that require adoption of national standards for electronic health care transactions and code sets, unique health identifiers, and security. Additionally, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.
Protected Health Information PHI Protected health information (PHI) means "individually identifiable health information" that is transmitted by electronic means or maintained in electronic media or transmitted or maintained in any other form or medium, except it excludes individually identifiable health information:
  1. In education records covered by the Family Educational Rights and Privacy Act;
  2. In records described at 20 U.S.C. 1232g(a)(4)(B)(iv);
  3. In employment records held by a covered entity in its role as employer;
  4. Regarding a person who has been deceased for more than 50 years.
HIPAA rules protect most PHI held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. PHI is information, including demographic information, which relates to the individual's past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual. For example, PHI includes name, address, birth date, Social Security Number, a medical record, laboratory report, or hospital bill. However, reporting or aggregating data that cannot be used to individually identify a person would not be considered PHI.
U.S. Department of Health and Human Services HHS The U.S. Department of Health and Human Services' (HHS) mission is to enhance and protect the health and well-being of all Americans by providing for effective health and human services and fostering advances in medicine, public health, and social services.
Also available as XML or JSON