Individuals or organizations that perform or assist a covered entity in the performance of a function or activity involving the use or disclosure of individually identifiable health information.
As defined by HIPAA, organizations that transmitt information in an electronic form during a transaction.
The effort made by an ordinarily prudent or reasonable party to prevent harm to another party or oneself; doing everything possible to prevent something negative from happening; also called due care.
The means of electronic transmission, including the Internet, private networks, dial-up phone lines, and fax modems; includes information moved from one place to another while stored on an electronic device.
Providers of medical or health services, individually or as organizations, that furnish, bill for, or are paid for services or products.
A secondary use of health information that cannot reasonably by prevented, is limited in nature, and occurs as a result of another use or disclosure that is permitted.
Individually Identifiable Health Information
Any part of a patient's health record that is created or received by a covered entity.
Office for Civil Rights (OCR)
The division of the federal government that enforces privacy standards.
Office of the Inspector General (OIG)
An office of the U.S. Department of Health and Human Services that conducts audits, investigations, and inspections involving laws pertaining to health and human services.
Personal Health Information
PHI is where the patient's own information that pertains to his or her health.
A person designated to ensure compliance with privacy standards for a covered entity.
Protected Health Information
PHI is any individually identifiable health information that may be transmitted and/or maintained in electronic form.
As defined by HIPAA, transimmission of information between two parties to carry out financial or administrative activities related to healthcare.