HIPAA Privacy Rule Profile, v1.0
Profile of HIPAA Privacy Rule (per 45 CFR Section 164.500-599) requirements for policies and procedures for handling e-PHI.
| Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/hipaa-privacy-rule-profile/1.0/ | ||||
| Publication Date | 2017-02-17 | ||||
| Issuing Organization |
Trustmark Initiative (https://trustmarkinitiative.org/)
View Contact
|
||||
| Keywords | There are no keywords. | ||||
| Legal Notice | This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TIP_HIPAABusinessAssociateContractsContentProfile and TIP_HIPAADocumentationRetentionProfile and TIP_HIPAANoticeofPrivacyPracticesProfile and TIP_HIPAAPrivacyPoliciesandProceduresProfile and TIP_HIPAAComplianceDateforPrivacyImplementationProfile and TD_PrivacyProtectionRequest and TD_AccesstoProtectedHealthInformation and TD_AmendmentofProtectedHealthInformation and TD_AccountingofDisclosuresofProtectedHealthInformation and TD_PrivacyOfficialforEntity and TD_TrainingMembersofWorkforce and TD_AppropriateSafeguardstoProtectDataPreventDisclosure and TD_AppropriateSafeguardstoProtectDataLimitDisclosure and TD_ProcessforComplaints and TD_AppropriateSanctionsAgainstWorkforce and TD_HarmfulEffectMitigation and TD_RetaliatoryActionAgainstComplainant and TD_NoRequirementtoWaiveRights
References (18)
| TIP HIPAA Business Associate Contracts Content Profile, v1.0 | |
|---|---|
| Description | Profile of HIPAA requirements for the contents of Business Associate Contracts/Agreements between a covered entity and its business associates or other subcontractors per 45 CFR Section 164.504. |
| ID | TIP_HIPAABusinessAssociateContractsContentProfile |
| TIP HIPAA Documentation Retention Profile, v1.0 | |
|---|---|
| Description | Profile of a covered entity's HIPAA requirements to maintain the policies and procedures and privacy notice and their changes in written or electronic form. |
| ID | TIP_HIPAADocumentationRetentionProfile |
| TIP HIPAA Notice of Privacy Practices Profile, v1.0 | |
|---|---|
| Description | Profile of HIPAA requirements for the privacy notice to users of the organization's privacy practices (per 45 CFR Section 164.500-599) regarding PHI. |
| ID | TIP_HIPAANoticeofPrivacyPracticesProfile |
| TIP HIPAA Privacy Policies and Procedures Profile, v1.0 | |
|---|---|
| Description | Profile of HIPAA requirements for the documenting, implementing, and changing policies and procedures for privacy practices regarding PHI. |
| ID | TIP_HIPAAPrivacyPoliciesandProceduresProfile |
| TIP HIPAA Compliance Date for Privacy Implementation Profile, v1.0 | |
|---|---|
| Description | Profile of reules for determining and verifying the compliance date of a health care provider as specified by the HIPAA Privacy Rule per 45 CFR Section 164.534. |
| ID | TIP_HIPAAComplianceDateforPrivacyImplementationProfile |
| TD Privacy Protection Request, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to permit an individual to request that the covered entity restrict uses or disclosures of protected health information about the individual, and disclosures to a family member or other designated person. |
| ID | TD_PrivacyProtectionRequest |
| Provider Reference | |
| TD Access to Protected Health Information, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to ensure that an individual has a right of access, in a timely manner, to inspect and obtain a copy of protected health information about the individual, subject to certain restrictions and limitations. |
| ID | TD_AccesstoProtectedHealthInformation |
| Provider Reference | |
| TD Amendment of Protected Health Information, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to permit an individual to request that a covered entity amend, in a timely manner, protected health information or a record about the individual, subject to certain restrictions and limitations. |
| ID | TD_AmendmentofProtectedHealthInformation |
| Provider Reference | |
| TD Accounting of Disclosures of Protected Health Information, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to permit an individual to receive an accounting of disclosures of protected health information made by a covered entity in the six years prior to the date on which the accounting is requested, except for certain disclosures. |
| ID | TD_AccountingofDisclosuresofProtectedHealthInformation |
| Provider Reference | |
| TD Privacy Official for Entity, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity. |
| ID | TD_PrivacyOfficialforEntity |
| Provider Reference | |
| TD Training Members of Workforce, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to train all members of its workforce on the policies and procedures with respect to protected health information required by the Privacy Rule. |
| ID | TD_TrainingMembersofWorkforce |
| Provider Reference | |
| TD Appropriate Safeguards to Protect Data - Prevent Disclosure, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information by preventing disclosure that is in violation of regulations. |
| ID | TD_AppropriateSafeguardstoProtectDataPreventDisclosure |
| Provider Reference | |
| TD Appropriate Safeguards to Protect Data - Limit Disclosure, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information by limiting disclosure to required or permitted uses. |
| ID | TD_AppropriateSafeguardstoProtectDataLimitDisclosure |
| Provider Reference | |
| TD Process for Complaints, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must provide a process for individuals to make complaints concerning the covered entity's policies and procedures. |
| ID | TD_ProcessforComplaints |
| Provider Reference | |
| TD Appropriate Sanctions Against Workforce, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have and apply appropriate sanctions against members of its workforce who fail to comply with the privacy policies and procedures. |
| ID | TD_AppropriateSanctionsAgainstWorkforce |
| Provider Reference | |
| TD Harmful Effect Mitigation, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to mitigate, to the extent practicable, any harmful effect that is known to the covered entity of a use or disclosure of protected health information. |
| ID | TD_HarmfulEffectMitigation |
| Provider Reference | |
| TD Retaliatory Action Against Complainant, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must have policies and procedures to not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual. |
| ID | TD_RetaliatoryActionAgainstComplainant |
| Provider Reference | |
| TD No Requirement to Waive Rights, v1.0 | |
|---|---|
| Description | Specifies that a covered entity must not require individuals to waive certain rights as a condition for services. |
| ID | TD_NoRequirementtoWaiveRights |
| Provider Reference | |
Terms (10)
| Term Name | Abbreviations | Definition |
|---|---|---|
| Business Associate | BA | Covered entities engage "business associates" to work on their behalf. A business associate is a person (not part of the workforce of the covered entity) or organization that creates, receives, maintains, or transmits protected health information on behalf of the covered entity. Covered entities must have contracts or other arrangements in place with their business associates to ensure that the business associates safeguard protected health information, and use and disclose the information only as permitted or required by the Privacy Rule. A covered entity may be a business associate of another covered entity. |
| Correctional Institution | CI | Correctional institution means any penal or correctional facility, jail, reformatory, detention center, work farm, halfway house, or residential community program center operated by, or under contract to, the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, for the confinement or rehabilitation of persons charged with or convicted of a criminal offense or other persons held in lawful custody. Other persons held in lawful custody includes juvenile offenders adjudicated delinquent, aliens detained awaiting deportation, persons committed to mental institutions through the criminal justice system, witnesses, or others awaiting charges or trial. |
| Covered Entity | CE | The Administrative Simplification provisions of HIPAA apply to three types of entities, which are known as "covered entities": 1) health care providers if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard, 2) health plans, and 3) health care clearinghouses. A covered entity may be a business associate of another covered entity. |
| Disclosure | Disclosure means the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information. | |
| Electronic Protected Health Information | e-PHI | Electronic protected health information means protected health information (PHI) that is transmitted by electronic means or maintained in electronic media. |
| Health Insurance Portability and Accountability Act of 1996 | HIPAA | The HIPAA law includes Administrative Simplification provisions that require adoption of national standards for electronic health care transactions and code sets, unique health identifiers, and security. Additionally, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. |
| Plan Administration Functions | PAF | Plan administration functions means administration functions performed by the plan sponsor of a group health plan on behalf of the group health plan and excludes functions performed by the plan sponsor in connection with any other benefit or benefit plan of the plan sponsor. |
| Protected Health Information | PHI | Protected health information (PHI) means "individually identifiable health information" that is transmitted by electronic means or maintained in electronic media or transmitted or maintained in any other form or medium, except it excludes individually identifiable health information:
|
| Summary Health Information | Information, that may be individually identifiable health information, and that summarizes the claims history, claims expenses, or type of claims experienced by individuals. | |
| U.S. Department of Health and Human Services | HHS | The U.S. Department of Health and Human Services' (HHS) mission is to enhance and protect the health and well-being of all Americans by providing for effective health and human services and fostering advances in medicine, public health, and social services. |