Incidents or practices, not usually considered fraudulent, that are inconsistent with accepted and sound medical business or fiscal practices
Under the HIPAA privacy rule, an individual's formal, written permission t use or disclose his or her personally identifiable health information for purposes other than treatment, payment, or health care operations.
A document signed by the patient that is needed for use an disclosure of protected health information that is not included in any existing consent form agreements.
breach of confidential communication
Breach means "breaking or violation of a law or agreement" In the context of the medial office it means the unauthorized release of information about the patient
A person who, on behalf of the covered entity, performs or assist in the performance of a function or activity involving the use or disclosure of individually identifiable health information, including processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing.
An independent organization that receives insurance claims from the physician's office, performs software edits, and redistributes the claims electronically to various insurance carriers.
Any set of codes with their descriptions used to encode data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.
A process of meeting regulations, recommendations, and expectations of federal and state agencies that pay for health care services and regulate the industry
A management plan composed of policies and procedures to accomplish uniformity, consistency, and conformity in medical record keeping that fulfills official requirements
A privileged communication that may be disclosed only with the patient's permission.
The state of treating privately or secretly, and not disclosing to other individuals or for public knowledge, the patient's conversations or medical records
A document that is not required before physicians use or disclose protected health information for treatment, payment, or routine health care operations of the patient.
An entity that transmits health information in electronic form in connection with a transaction covered by HIPAA. The covered entity may be a helath care coverage carrier such as Blue Cross, a health care clearinghouse through which claims are submitted, or a health care provider such as the primary care physician.
The release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information.
e-health information management (eHIM)
A term coined by the American Health Information Management Association's eHealth Task Force to describe any and all transactions in which health care information is accessed, proceed, stored, and transferred using electronic technologies
The mode of electronic transmission (e.g. Internet, extranet, leased phone or dial-up phone lines, fax modems).
health care provider
A provider of medical or health services and any other person or organization who furnishes bills or is paid for health care in the normal course of business.
individually identifiable health information (IIHI)
Any part of an individual's health information, including demographic information collected from the individual, that is created or received by a covered entity.
Information consisting of ordinary facts unrelated to the treatment of the patient. The patient's authorization is not required to disclose the data unless the record is in a specialty hospital or in a special service unit of a general hospital, such as the psychiatric unit
Notice of Privacy Practices (NPP)
Under Health Insurance Portability and Accountabilty Act, , a document given to the patient at the first visit or at enrollment explaining the individual's rights and the physician's legal duties in regard to protected health information (PHI).
privacy officer, privacy official (PO)
An individual designated ot help the provider remain in compliance by setting policies and procedures in place, and by training and managing the staff regarding HIPAA and patient rights; usually the contact person for questions and complaints.
Data related to the treatment and progress of the patient that can be released only when written authorization of the patient or guardian is obtained.
protected health information (PHI)
Any data that identify an individual and describes his or her health status, age, sex, ethnicity, or other demographic characteristics, whether or not that information is stored or transmitted electronically.
A person who protects the computer and networking systems within the practice and implements protocols such as password assignment, backup procedures, firewalls, virus protection, and contingency planning for emergencies.
Under Health Insurance Portability and Accountability Act, regulations related to the security of electronic protected health information that, along with regulations, related to electronic transactions and code sets, privacy, and enforcement, compose the Administrative Simplification provisions.
A complex technical issue not within the scope of the health care provider's role; refers to instances when state law takes precedence over federal law.
the transmission of information between two parties to carry out financial or administrative activities related to health care.