Official (ISC)² HCISPP - Domain 1: Healthcare Industry

Administrative Safeguards
Administrative safeguards are administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to safeguard electronic protected health information and manage the conduct of the covered entity's workforce in relation to the protection of that information.
Affiliated Covered Entity (ACE)
Legally separate covered entities that are affiliated may designate themselves as a single covered entity for purposes of the HIPAA Privacy Rule. Under this affiliation, the organizations need only develop and disseminate one notice of privacy practices, comply with one set of policies and procedures, appoint one privacy official, administer common training programs, and use one business associate contract.
Ambulatory Patient Groups (APG)
Ambulatory Patient Groups (APGs) were developed to encompass the full range of ambulatory settings, including same-day surgery units, hospital emergency rooms, and outpatient clinics. APGs are a patient classification system designed to explain the amount and type of resources used in an ambulatory visit.
Patients in each APG have similar clinical characteristics and similar resource use and cost. Similar resource use means that the resources used are relatively constant across the patients within each APG.
American Recovery and Reinvestment Act (ARRA)
The American Recovery and Reinvestment Act (ARRA) was enacted on February 17, 2009. ARRA includes many measures to modernize our nation's infrastructure, one of which is the "Health Information Technology for Economic and Clinical Health (HITECH) Act." The HITECH Act supports the concept of Meaningful Use (MU) of Health Information Technology (IT) and health care reform to help health care organizations meet their clinical and business objectives via health information exchange. MU requirements consist of payment approaches that stress care coordination, and federal financial incentives are driving the interest in and demand for health information exchange.
Analytics
Analytics is the systematic use of data and related business insights developed through applied analytical disciplines (e.g., statistical, contextual, quantitative, predictive, cognitive, other models) to drive fact-based decision making for planning, management, measurement, and learning. Analytics may be descriptive, predictive, or prescriptive. Analytics can provide the mechanism to sort through the resulting torrent of complexity and data and help health care organizations deliver on these demands.
Authorization
Authorization is an individual's permission for a covered entity to use or disclose PHI for a certain purpose, such as a research study.
Availability
Availability means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.
Bandwidth
Bandwidth is the amount of information that is transmitted over a period of time. A process consisting of learning or education could necessitate higher bandwidth than a quick status update, which would require a lower bandwidth.
Bundled Payment
Bundled payment, also known as episode-based payment, episode payment, episode-of-care payment, case rate, evidence-based case rate, global bundled payment, global payment, package pricing, or packaged pricing, is defined as the reimbursement of health care providers (such as hospitals and physicians) "on the basis of expected costs for clinically defined episodes of care." It has been described as "a middle ground" between fee-for-service reimbursement (in which providers are paid for each service rendered to a patient) and capitation.
Business Associates (BA)
The HIPAA Privacy Rule, 45 CFR 164.502(e), 164.504(e), 164.532(d) and (e), allows covered providers and health plans to disclose protected health information to a variety of other persons or businesses ("business associates") that provide services to them and have access to their patients' PHI, such as billing services, attorneys, accountants, and consultants. The HIPAA Privacy Rule's business associate provisions at 45 CFR 164.502(e) and 164.504(e) provide direction on the elements of a Business Associates Agreement (BAA).
Business Associates Agreement (BAA)
A BAA is a contract between a covered entity and a business associate that meets the HIPAA Privacy Rule's applicable contract requirements at 45 CFR 164.502(e) and 164.504(e). The covered entity must otherwise comply with the Privacy Rule, such as by making only permissible disclosures to the business associate and permitting individuals to exercise their rights under the Rule.
Business Partners
A vendor, as a recipient of PHI from health care organizations, is a "Business Partner" as that term is defined in HIPAA and in the regulations promulgated by the U.S. Department of Health and Human Services (DHHS) to implement certain provisions of HIPAA. All Business Partners of a health care organization must agree in writing to certain mandatory provisions regarding, among other things, the use and disclosure of Protected Health Information (PHI). The HIPAA transaction rule describes the use of a Trading Partner Agreement, which is a contract between two parties, generally both covered entities, that exchange financial and administrative transactions.
Capitation
Sometimes doctors reach an agreement with a managed care organization called capitation, wherein the doctor is paid per person. Under this agreement, doctors accept members of the plan for a certain set price per member, no matter how often the member sees the doctor.
Catastrophic Health Insurance Plan
A Catastrophic Health Insurance plan covers essential health benefits but has a very high deductible. This means it provides a kind of "safety net" coverage in case the patient has an accident or serious illness. Catastrophic plans usually do not provide coverage for services such as prescription drugs or shots. Premiums for catastrophic plans may be lower than traditional health insurance plans, but deductibles are usually much higher.
Chain of Trust Agreement
The Chain of Trust Agreement is described as a contract in which the parties agree to electronically exchange data and to protect the transmitted data. The sender and receiver are each required to maintain the integrity and confidentiality of the transmitted information and depend on each other to do so. Multiple two-party contracts may be involved in moving information from the originating party to the ultimate receiving party.
Client-Server
The client-server model is an architecture (i.e., a system design) that divides processing between clients and servers that can run on the same machine or on different machines on the same network.
It is a major element of modern operating system and network design. End users access workstation computers and other physical automated equipment directly while performing health care functions.
Cloud Computing
Cloud computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. Cloud computing is offered in different forms: public clouds, private clouds, and hybrid clouds, which combine both public and private.
Confidentiality
Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems. Confidentiality is necessary for maintaining the privacy of the people whose personal information is held in the system.
Covered Entity
A HIPAA Covered Entity is any organization or corporation that directly handles Personal Health Information (PHI) or Personal Health Records (PHR). They include public clinics, nursing homes, pharmacies, specialty hospitals, home care programs, home meal programs, hospice, and durable medical equipment suppliers.
Current Procedural Terminology (CPT)
Current Procedural Terminology (CPT) codes are published by the American Medical Association (AMA). A CPT code is a five-digit numeric code that is used to describe medical, surgical, radiology, laboratory, anesthesiology, and evaluation/management services of physicians, hospitals, and other health care providers. There are approximately 7,800 CPT codes ranging from 00100 through 99499. Two-digit modifiers may be appended when appropriate to clarify or modify the description of the procedure. CPTs are published in two versions: the first and most common is the CPT Physician's Current Procedural Terminology; the second is the CPT Physician's Current Procedural Terminology Specially Annotated for Hospitals.
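A parser for the CPT code format described in this entry, added here as an illustration and not taken from the (ISC)² guide. It assumes modifiers are appended to the code with a hyphen separator (the entry does not say how they are written) and uses constructed sample claim lines:

```python
import re
from dataclasses import dataclass, field

# Format facts from the glossary entry above: a CPT code is a five-digit numeric
# code in the range 00100 through 99499, and two-digit modifiers may be appended.
# ASSUMPTION: the entry does not say how modifiers are written, so this parser
# expects "-" as the separator, e.g. "99213-25-59" is code 99213 with modifiers
# 25 and 59.
CPT_MIN = 100
CPT_MAX = 99499
_CODE_RE = re.compile(r"^\d{5}$")
_MODIFIER_RE = re.compile(r"^\d{2}$")


class CptFormatError(ValueError):
    """Raised when a value does not match the CPT format described above."""


@dataclass
class CptCode:
    code: str
    modifiers: list[str] = field(default_factory=list)


def parse_cpt(value: str) -> CptCode:
    """Validate one CPT code with optional appended modifiers.

    Rejects values that are not exactly five digits, fall outside
    00100-99499, or carry a modifier that is not exactly two digits.
    A strict check like this belongs at the point where claim data from
    a clearinghouse or business associate enters your own systems.
    """
    if not isinstance(value, str):
        raise CptFormatError("CPT value must be a string")
    code, *modifiers = value.strip().split("-")
    if not _CODE_RE.match(code):
        raise CptFormatError(f"code must be exactly five digits: {value!r}")
    if not CPT_MIN <= int(code) <= CPT_MAX:
        raise CptFormatError(f"code outside 00100-99499: {value!r}")
    for mod in modifiers:
        if not _MODIFIER_RE.match(mod):
            raise CptFormatError(f"modifier must be exactly two digits: {mod!r}")
    return CptCode(code=code, modifiers=modifiers)


def validate_claim_lines(lines: list[str]) -> dict[str, list[str]]:
    """Split a batch of claim-line codes into accepted codes and rejection reasons."""
    accepted: list[str] = []
    rejected: list[str] = []
    for raw in lines:
        try:
            accepted.append(parse_cpt(raw).code)
        except CptFormatError as exc:
            rejected.append(f"{raw!r}: {exc}")
    return {"accepted": accepted, "rejected": rejected}


# Constructed sample claim lines for the demonstration (not real claim data).
SAMPLE_LINES = [
    "99213",        # plain code
    "99213-25",     # code with one modifier
    "99499-59-25",  # top of the range, two modifiers
    "00100",        # bottom of the range
    " 71046 ",      # surrounding whitespace is tolerated
    "00099",        # below 00100
    "9921",         # only four digits
    "99213-2A",     # modifier is not two digits
    "ABCDE",        # not numeric
]

if __name__ == "__main__":
    result = validate_claim_lines(SAMPLE_LINES)
    print("accepted:", result["accepted"])
    for reason in result["rejected"]:
        print("rejected:", reason)
```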
Data Augmentation
Common data augmentation includes demographic, geographic, and credit information. Data augmentation can also encompass data management algorithms and methodologies that combat unique clinical data problems.
Data Classification
A data classification program looks at the different types of data an organization handles, classifies those pieces of data based on sensitivity, and establishes procedures to make sure each of these pieces of information is treated properly. The big picture rationale of a data classification program is to reduce risk and bring enterprise-wide consistency to data handling. In addition, it is important to understand that data classification is a non-technical, common-sense approach to risk management.
Data Integration
Data integration is necessary to obtain a true understanding of the health care organization. Data integration can occur at the individual level, the household level (for example, all patients at the same address), the business or corporate level, the product level, the supplier level, or some other combination of attributes. Data integration requires powerful matching technology that can locate less obvious members of a related group.
Data Interoperability
Data Interoperability eliminates barriers to data sharing by providing direct data access; data translation tools; and the ability to build complex spatial extraction, transformation, and loading (ETL) processes. Standardized data messaging facilitates interoperability between health information systems regardless of the database models employed by individual health care enterprises. There are three levels of health information technology interoperability: 1) Foundational; 2) Structural; and 3) Semantic.
Data Lifecycle Management (DLM)
Data Lifecycle Management (DLM) is a policy-based approach to managing the flow of an information system's data throughout its life cycle: from creation and initial storage to the time when it becomes obsolete and is deleted. DLM products automate the processes involved, typically organizing data into separate tiers according to specified policies, and automating data migration from one tier to another based on those criteria. As a rule, newer data and data that must be accessed more frequently is stored on faster, but more expensive storage media, while less critical data is stored on cheaper, but slower media.
Data Profiling
Data profiling encompasses such activities as frequency and basic statistic reports, table relationships, phrase and element analysis, and business rule discovery. It is primarily done before any data-oriented initiative and often can be used to pinpoint where further efforts need to be focused.
Data Quality
Standardizing and verifying data means using a reference database or a defined set of business rules and corporate standards. The data quality building block includes technologies that encompass parsing, transformation, verification, and validation.
Data Use Agreement
The Data Use Agreement is very similar to the Business Associate Agreement (BAA): the recipient of the data set agrees to limit the use of the data to the purposes for which it was given, to ensure the security of the data, and not to identify the individuals in the data or use it to contact any individual.
Diagnosis-Related Groups (DRG)
Diagnosis-Related Groups (DRG) are a capitation approach focused on hospitalization. Price is set based on categories of illness. The DRG classification of diseases is a nominal scale used to describe the illness leading to hospitalization.
Digital Imaging and Communications in Medicine (DICOM)
Digital Imaging and Communications in Medicine (DICOM) is the international standard for medical images and related information (ISO 12052). It defines the formats for medical images that can be exchanged with the data and quality necessary for clinical use.
DICOM is implemented in almost every radiology, cardiology imaging, and radiotherapy device (X-ray, CT, MRI, ultrasound, etc.), and increasingly in devices in other medical domains such as ophthalmology and dentistry. With tens of thousands of imaging devices in use, DICOM is one of the most widely deployed health care messaging standards in the world.
Electronic Data Interchange (EDI)
The HIPAA regulations adopted certain standard transactions for Electronic Data Interchange (EDI) of health care data. These transactions are: claims and encounter information, payment and remittance advice, claims status, eligibility, enrollment and disenrollment, referrals and authorizations, coordination of benefits, and premium payment.
Electronic Health Records (EHR)
Electronic Health Records (EHRs) are electronic systems that store a patient's health information, such as the patient's history of diseases and which medications the patient is taking. EHRs allow doctors to easily keep track of patients' health information and may enable them to access patients' information when a patient has a problem even if their doctor's office is closed.
Electronic Protected Health Information (ePHI)
Electronic Protected Health Information (ePHI) refers to all individually identifiable health information that a covered entity or business associate creates, receives, maintains, or transmits in electronic form. The Security Rule does not apply to PHI transmitted orally or in paper form.
Electronic Records Management
Electronic records management is the electronic management of digital and analog records contained in IT systems using computer equipment and software according to accepted principles and practices of records management. Records management is the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of analog and digital records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.
Employer-Sponsored Insurance
In employer-sponsored insurance, often called group health insurance, the employer is responsible for a significant portion of the health care expenses. Group health plans are also guaranteed issue, meaning that a carrier must cover all applicants whose employment qualifies them for coverage. In addition, employer-sponsored plans typically are able to include a range of plan options from HMO and PPO plans to additional coverage such as dental, life, and short- and long-term disability.
Enterprise Content Management
Enterprise content management includes the technologies, tools, and methods used to capture, manage, store, preserve, and deliver content across an enterprise.
Exclusive Provider Organizations (EPOs)
Exclusive Provider Organizations (EPOs) are similar to PPOs, but they reimburse members for services rendered by providers in their network only. Like PPOs, the patient pays a percentage of every medical bill up to a certain level. Some EPOs allow the patient to forgo a primary care physician and refer themselves to a specialist as long as that provider is in the network. EPOs may limit coverage to providers inside their networks. A network is a list of doctors, hospitals, and other health care providers that provide medical care to members of a specific health plan.
Fee-for-Service (FFS)
Fee-for-Service (FFS) is a payment model in which services are unbundled and paid for separately. Doctors and hospitals are paid for each service they perform. It gives physicians an incentive to provide more treatments because payment depends on the quantity of care rather than the quality of care.
Flow Paths
Information can flow between the supplier and the recipient directly (e.g., face-to-face) or through an information technology (e.g., email). Mediated flow paths require some use of information technology to allow information to flow, while unmediated flow paths do not require information technology to transfer the information.
Good Clinical Research Practice (GCP)
Good Clinical Research Practice (GCP) is a process that incorporates established ethical and scientific quality standards for the design, conduct, recording, and reporting of clinical research involving the participation of human subjects.
Compliance with GCP provides public assurance that the rights, safety, and well-being of research subjects are protected and respected and ensures the integrity of clinical research data.
Governance Framework
The Trust Taxonomy provides a conceptual framework to facilitate governance of inter-entity exchange through transparency into trust policies and practices based on Identity, Policy, and Contractual attributes. When utilizing the taxonomy, all trading partners would use a consistent approach to the classification of trust attribute definitions along with consistent representations as to how these trust attributes are implemented. The Governance Framework for Trusted Electronic Health Information Exchange (the Governance Framework) is intended to serve as the Office of the National Coordinator for Health IT's (ONC's) guiding principles on HIE governance.
Health Care Clearinghouse
A Health Care Clearinghouse is a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. The entity receives health care transactions from health care providers or other entities, translates the data from a given format into one acceptable to the intended payer or payers, and forwards the processed transaction to appropriate payers and clearinghouses.
Health Informatics
Health Informatics is the interdisciplinary study of the design, development, adoption, and application of IT-based innovations in health care services delivery, management, and planning. Health informatics law deals with evolving and sometimes complex legal principles as they apply to information technology in health-related fields. It addresses the privacy, ethical, and operational issues that invariably arise when electronic tools, information, and media are used in health care delivery. Health Informatics Law also applies to all matters that involve information technology, health care, and the interaction of information. It deals with the circumstances under which data and records are shared with other fields or areas that support and enhance patient care.
Health Information Exchange (HIE)
Health Information Exchange (HIE) allows health care professionals and patients to appropriately access and securely share a patient's vital medical information electronically.
Health Information Exchange Organizations (HIOs)
Health Information Exchange Organizations (HIOs) provide the capability to electronically move clinical information between disparate health care information systems while maintaining the meaning of the information being exchanged. HIOs also provide the infrastructure for secondary use of clinical data for purposes such as public health, clinical, biomedical, and consumer health informatics research as well as institution and provider quality assessment and improvement.
Health Information Technology (HIT)
Health Information Technology (HIT) provides the framework to describe the comprehensive management of health information across computerized systems and its secure exchange between consumers, providers, government and quality entities, and insurers. Computers and telecommunications are used for storing, retrieving, and sending information with the goal of bringing about an age of patient- and public-centered health information and services.
Health Insurance
Health insurance is insurance against the risk of incurring medical expenses among individuals. By estimating the overall risk of health care and health system expenses, among a targeted group, an insurer can develop a routine finance structure, such as a monthly premium or payroll tax, to ensure that money is available to pay for the health care benefits specified in the insurance agreement. According to the Health Insurance Association of America, health insurance is coverage that provides for the payments of benefits as a result of sickness or injury. This definition includes insurance for losses from accident, medical expense, disability, or accidental death and dismemberment.
Health Level Seven International (HL7)
Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery, and evaluation of health services.
Health Maintenance Organization (HMO)
With a Health Maintenance Organization (HMO), instead of paying for each individual service received, the patient pays a set premium. In return, HMOs offer the patient a range of health benefits, including preventive care.
Health Savings Account (HSA)
A Health Savings Account (HSA) is a type of medical savings account that allows the patient to save money to pay for current and future medical expenses on a tax-free basis. In order to be eligible for an HSA, the patient must be covered by a high-deductible plan and not have any other health insurance. HSAs are a good option for individuals who want to protect themselves from catastrophic health care costs but don't anticipate many day-to-day medical costs.
Healthcare Common Procedure Coding System (HCPCS)
The Healthcare Common Procedure Coding System (HCPCS) is used to report hospital outpatient procedures and physician services. These coding systems serve an important function for physician reimbursement, hospital payments, quality review, benchmarking measurement, and the collection of general medical statistical data.
Health Care Records Management
Health Care Records Management programs must manage organizational information so that it is timely, accurate, complete, cost-effective, accessible, and usable. An effective Health Care Records Management program addresses both creation control (limits the generation of records or copies not required to operate the health care organization) and records retention (a system for destroying useless records or retiring inactive records), thus stabilizing the growth of records in all formats.
Hierarchical Storage Management (HSM)
Hierarchical Storage Management (HSM) is one type of DLM product. The hierarchy represents different types of storage media, such as RAID (redundant array of independent disks) systems, optical storage, or tape, each type representing a different level of cost and speed of retrieval when access is needed. Using an HSM product, an administrator can establish and state guidelines for how often different kinds of files are to be copied to a backup storage device. Once the guideline has been set up, the HSM software manages everything automatically. Typically, HSM applications migrate data based on the length of time elapsed since it was last accessed, while DLM applications enable policies based on more complex criteria.
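An added example, not from the guide or from any DLM or HSM product, that contrasts the HSM placement rule described above (time since last access only) with a DLM policy that also weighs sensitivity, retention and legal hold, as in the Data Lifecycle Management entry. The tier names, thresholds, sample records and the rule that keeps ePHI off offline tape are constructed assumptions:

```python
from dataclasses import dataclass
from datetime import date

# Tier names, thresholds and the policy rules below are constructed for this
# example; they are not taken from any particular DLM or HSM product.


@dataclass(frozen=True)
class Record:
    name: str
    created: date
    last_accessed: date
    contains_ephi: bool        # electronic protected health information
    retention_years: int       # minimum time the record must be kept
    legal_hold: bool = False   # a hold suspends deletion regardless of age


def hsm_tier(rec: Record, today: date) -> str:
    """HSM-style placement: only the time since last access decides the tier."""
    idle_days = (today - rec.last_accessed).days
    if idle_days <= 30:
        return "fast-disk"
    if idle_days <= 365:
        return "nearline"
    return "tape"


def dlm_tier(rec: Record, today: date) -> str:
    """DLM-style placement: policy combines age, access pattern, sensitivity
    and retention obligations, and ends the life cycle with deletion."""
    age_years = (today - rec.created).days / 365.25
    if age_years >= rec.retention_years and not rec.legal_hold:
        return "delete"  # obsolete and nothing requires keeping it
    tier = hsm_tier(rec, today)
    # Constructed rule: ePHI is never placed on offline tape, so that access
    # control and audit logging remain enforceable on it; it goes to an
    # encrypted online archive instead.
    if rec.contains_ephi and tier == "tape":
        return "encrypted-archive"
    return tier


def plan_migrations(records: list[Record], today: date) -> dict[str, dict[str, str]]:
    """Side-by-side placement decisions under the two policy styles."""
    return {r.name: {"hsm": hsm_tier(r, today), "dlm": dlm_tier(r, today)}
            for r in records}


# Constructed sample records (not real patient data) and a fixed "today".
TODAY = date(2024, 1, 15)
SAMPLE_RECORDS = [
    Record("ct-study-2015", date(2015, 3, 2), date(2016, 1, 9), True, 7),
    Record("ct-study-2015-litigation", date(2015, 3, 2), date(2016, 1, 9), True, 7,
           legal_hold=True),
    Record("visit-note-2023", date(2023, 12, 20), date(2024, 1, 10), True, 7),
    Record("billing-report-2021", date(2021, 6, 1), date(2022, 2, 1), False, 10),
]

if __name__ == "__main__":
    for name, tiers in plan_migrations(SAMPLE_RECORDS, TODAY).items():
        print(f"{name:26} HSM -> {tiers['hsm']:10} DLM -> {tiers['dlm']}")
```

The first two records show the difference most clearly: under the age-only HSM rule both go to tape, while the DLM policy deletes the obsolete study and keeps the one under legal hold on an encrypted online tier.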
High Deductible Health Plans (HDHPs)
High Deductible Health Plans (HDHPs) typically feature lower premiums and higher deductibles than traditional insurance plans.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Although HIPAA covers many things, physicians typically are more concerned with HIPAA's Administrative Simplification provisions, and particularly the Privacy, Security, and Breach Notification requirements. Since it was originally enacted, HIPAA has been amended and expanded several times as a result of new laws and regulations. The most sweeping change resulted from the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA).
• 45 CFR Parts 160, 162, and 164
• Transactions and Code Set Standards
• Identifier Standards
• Privacy Rule
• Security Rule
• Enforcement Rule
• Breach Notification Rule
HIPAA Omnibus Rule
(13402 of the HITECH Act (74 FR 42740))
Health and Human Services (HHS) recently adopted new rules that change existing privacy, security, and breach notification requirements in what is often referred to as the final "HIPAA Omnibus Rule" implementing the HITECH Act. This Omnibus Final Rule comprises the following four final rules:
• Final modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and certain other modifications to improve the Rules, which were issued as a proposed rule on July 14, 2010.
• Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act, originally published as an interim final rule on October 30, 2009.
• Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule's "harm" threshold with a more objective standard and supplants an interim final rule published on August 24, 2009.
• Final rule modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes, which was published as a proposed rule on October 7, 2009.
HIPAA Privacy Rule
(45 CFR Part 160 and Subparts A and E of Part 164)
The Privacy Rule restricts covered entities' and business associates' use and disclosure of an individual's "protected health information" (PHI).
HIPAA Security Rule
(45 CFR Part 160 and Subparts A and C of Part 164)
The HIPAA Security Rule requires physician practices to implement a number of administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI).
Health Information Technology for Economic and Clinical Health Act (HITECH)
(American Recovery and Reinvestment Act of 2009 (ARRA))
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) legislation was created to stimulate the adoption of electronic health records (EHR) and supporting technology in the United States. President Obama signed HITECH into law on February 17, 2009, as part of the American Recovery and Reinvestment Act of 2009 (ARRA), an economic stimulus bill.
The HITECH Act stipulates that, beginning in 2011, health care providers will be offered financial incentives for demonstrating meaningful use of electronic health records (EHR). Incentives will be offered until 2015, after which penalties may be levied for failing to demonstrate such use. The Act also establishes grants for training centers for the personnel required to support a health IT infrastructure.
Human Research
A general definition of human research is: "Any proposal relating to human subjects including healthy volunteers that cannot be considered as an element of accepted clinical management or public health practice and that involves either (i) physical or psychological intervention or observation, or (ii) collection, storage, and dissemination of information relating to individuals. This definition relates not only to planned trials involving human subjects but to research in which environmental factors are manipulated in a way that could incidentally expose individuals to undue risks."
Indemnity Plan
With an indemnity plan, the patient can go to the doctor of his/her choice, and the patient, the patient's doctor, or the patient's hospital submits a claim to the patient's insurance company for reimbursement.
Informed Consent
An informed consent is the individual's permission to participate in the research. An informed consent provides research subjects with a description of the study and of its anticipated risks and/or benefits, and a description of how the confidentiality of records will be protected, among other things.
Institutional Review Boards (IRB)
Institutional Review Boards (IRBs) review plans for research involving human subjects. Institutions that accept research funding from the federal government must have an IRB to review all research involving human subjects. The FDA and the Office for Human Research Protections (OHRP) (part of the National Institutes of Health) set the guidelines and regulations governing human subjects research and IRBs.
Integrating the Healthcare Enterprise (IHE)
Integrating the Healthcare Enterprise (IHE) is an initiative by health care professionals and industry to improve the way computer systems in health care share information. IHE promotes the coordinated use of established standards such as DICOM and HL7 to address specific clinical needs in support of optimal patient care. Systems developed in accordance with IHE communicate with one another better, are easier to implement, and enable care providers to use information more effectively.
Integrity
Integrity means maintaining and assuring the accuracy and consistency of data over its entire life cycle. This means that data cannot be modified in an unauthorized or undetected manner. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.
International Classification of Disease (ICD)
The International Classification of Disease (ICD) is the most widely recognized medical classification maintained by the World Health Organization (WHO). Its primary purpose is to categorize diseases for morbidity and mortality reporting. The United States has used a clinical modification of ICD (ICD-10-CM) for the additional purpose of reimbursement. The CM in the name ICD-10-CM means "clinical modification." It is used by hospitals and other facilities to describe any health challenges a patient has, from diagnosis to symptoms to outcomes from treatment to causes of death. ICD-10-CM and ICD-10-PCS group together similar diseases and procedures and organize related entities for easy retrieval.
Joint Commission
The Joint Commission has been a champion of patient safety by helping health care organizations to improve the quality and safety of the care they provide. The Joint Commission evaluates and accredits health care organizations and programs in the United States and is the nation's predominant standards-setting and accrediting body in health care. The National Patient Safety Goals (NPSGs), required to be implemented by all accredited organizations to improve the safety and quality of care, are updated annually.
Legal Medical Record
A health care organization must have a health record. Its "health record" must, by definition, meet all statutory, regulatory, and professional requirements for clinical purposes as well as for business purposes. If the record does not qualify as a legal record, it becomes hearsay and therefore is much less legally valid for business or for medical-legal purposes. Unless the practice intends to maintain separate paper records that comply with legal requirements, its EHR, to be a legal record, must conform to the same requirements as health records in general and for business records on computers more specifically.
Local Area Network (LAN)
A local area network (LAN) is a network that provides shared communications and resources in a relatively small area.
Meaningful Use (MU)
The HITECH Act supports the concept of EHR Meaningful Use (MU), an effort led by Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC). MU is the set of standards defined by the CMS Incentive Programs that governs the use of electronic health records and allows eligible providers and hospitals to earn incentive payments by meeting specific criteria.
Medicaid
Government-funded health care: a program funded by the U.S. federal and state governments that pays the medical expenses of people who are unable to pay some or all of their own medical expenses.
Medical Billing
Medical billing is the process of submitting and following up on claims with health insurance companies in order to receive payment for services rendered by a health care provider. The same process is used for most insurance companies, whether they are private companies or government-sponsored programs. The medical billing process is an interaction between a health care provider and the insurance company (payer). The entirety of this interaction is known as the billing cycle, sometimes referred to as Revenue Cycle Management. This can take anywhere from several days to several months to complete and requires several interactions before a resolution is reached.
Medical Coding or Clinical Coding
Medical coding or clinical coding systems assign a distinct numeric value to medical diagnoses, procedures and surgery, signs and symptoms of disease and ill-defined conditions, poisoning, adverse effects of drugs, complications of surgery, and medical care. The assigned codes and other patient data are processed by grouper software to determine a Diagnosis-Related Group (DRG) for the episode of care, which is used for funding and reimbursement.
Medical Device
A medical device is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals. Types of medical devices include self-care, electronic, diagnostic, surgical, durable medical equipment, acute care, emergency and trauma, long-term care, storage, and transport.
Medicare
A government program of hospitalization insurance and voluntary medical insurance for persons aged 65 and over and for certain disabled persons under 65.
Metadata
Metadata are generated at various points in the records management life cycle, providing underlying data to describe the document, specify access controls and rights, provide retention and disposition instructions, and maintain the record history and audit trail.
Modality
Modality is the channel through which information is transmitted. The main forms of modality include auditory, visual, and tactile.
National eHealth Collaborative (NeHC)
The National eHealth Collaborative (NeHC) has convened the National HIE Governance Forum at the Office of the National Coordinator for HIT's (ONC) request through ONC's cooperative agreement with NeHC. One of ONC's governance goals for nationwide health information exchange is to increase trust among all potential exchange participants in order to mobilize trusted exchange to support patient health and care.
National Uniform Billing Committee (NUBC)
The National Uniform Billing Committee (NUBC) is a voluntary committee whose work is coordinated through the offices of the American Hospital Association (AHA) and includes participation of all the major national provider and payer organizations. The committee was originally formed to develop a single standard billing format and data set to be used nationwide by institutional providers and payers for handling health care claims. Today, the Committee monitors and manages the utilization of this standard uniform billing (UB) form and data set used throughout the industry for billing transactions.
Nationwide Health Information Network Exchange
The Nationwide Health Information Network Exchange is a confederation of stakeholders at the forefront of health information exchange, including Federal agencies; State, regional, and local health information organizations; integrated delivery networks, and private organizations.
HIE governance includes standards, services, and policies that foster secure health information exchange over the Internet.
Network Management
Network management monitors network performance and identifies attacks and failures. Mechanisms include components that enable network administrators to monitor and restrict resource access.
Network Security
Network Security must protect the computer network and its services from unauthorized modification, destruction, or disclosure.
Office for Civil Rights (OCR)
The HHS Office for Civil Rights (OCR), the federal agency within HHS with oversight over HIPAA privacy, security, and breach notification requirements, established a comprehensive audit protocol that physician practices may wish to consider as they review and update their HIPAA compliance plans. The OCR audit protocol contains 170 audit areas (79 Security Rule, 10 Breach Notification Rule, and 80 Privacy Rule provisions).
The OCR HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification.
Organized Health Care Arrangement (OHCA)
The HIPAA privacy rule also permits providers that typically provide health care to a common set of patients to designate themselves as an Organized Health Care Arrangement (OHCA) for purposes of HIPAA. For example, an academic medical center often includes university-affiliated physicians and a hospital or health system.
Patient Protection and Affordable Care Act of 2010
This technical report catalogues nearly 100 implemented and proposed payment reform programs, classifies each of these programs into one of 11 payment reform models, and identifies the performance measurement needs associated with each model. A synthesis of the results suggests near-term priorities for performance measure development and identifies pertinent challenges related to the use of performance measures as a basis for payment reform. The report is also intended to create a shared framework for analysis of future performance measurement opportunities. This report is intended for the many stakeholders tasked with outlining a national quality strategy in the wake of health care reform legislation.
Pay for Performance (P4P)
Pay for Performance (P4P), or "value-based purchasing," is an emerging movement in health insurance. Providers under this arrangement are rewarded for meeting pre-established targets for delivery of health care services. This is a fundamental change from fee-for-service payment.
Payer
A payer in health care generally refers to an entity other than the patient that finances or reimburses the cost of health services.
Payment Card Industry (PCI)
Payment Card Industry (PCI) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures.
Personal Health Records
A Personal Health Record (PHR) is a lot like an Electronic Health Record (EHR), except that the patient controls what kind of information goes into it. The patient can use a PHR to keep track of information from his/her doctor visits, but the PHR can also reflect the patient's life outside the doctor's office and the patient's health priorities, such as tracking food intake, exercise, and blood pressure. Sometimes, the patient's PHR can link with his/her doctor's EHR.
Pharmaceutical Fraud
Pharmaceutical fraud involves activities that result in false claims to insurers or programs such as Medicare in the United States or equivalent state programs for financial gain to a pharmaceutical company.
Pharmaceutical Industry
The pharmaceutical industry is a branch of the chemical industry that manufactures drugs. The industry comprises enterprises that produce synthetic and plant-derived preparations, antibiotics, vitamins, blood substitutes, hormone preparations derived from animal organs, and drugs in various dosage forms (including injection solutions in ampoules, tablets, lozenges, capsules, pills, and suppositories), as well as ointments, emulsions, aerosols, and plasters. Pharmaceutical companies are allowed to deal in generic and/or brand medications and medical devices. They are subject to a variety of laws and regulations regarding the patenting, testing, safety and efficacy assurance, and marketing of drugs.
Pharmacy
Pharmacy is defined as a store where medicinal drugs are dispensed or compounded and sold. It can also be defined as a branch of health sciences that deals with the preparation, dispensing, and utilization of drugs. Pharmaceutical care involves the process through which a pharmacist cooperates with a patient and other professionals in designing, implementing, and monitoring a therapeutic plan that will produce specific therapeutic outcomes for the patient.
Physical Safeguards
Physical safeguards are physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards and unauthorized intrusion.
Point-of-Service Plan
A Point-of-Service plan (POS) combines elements of both a Health Maintenance Organization (HMO) and a Preferred Provider Organization (PPO). The plan allows you to use a primary care physician to coordinate your care, or you can self-direct your care at the "point of service."
Preferred Provider Organization (PPO)
A Preferred Provider Organization (PPO) is the form of managed care closest to an indemnity plan, which typically allows you to see any doctor, any time. A PPO negotiates discounts with doctors, hospitals, and other providers, who then become part of the PPO network.
Private Health Insurance
Private Health Insurance is a system in which individuals are responsible for securing their own health insurance coverage, although employers in many cases provide all or some of the funding.
Supporters of the system of private insurance say that it encourages freedom of choice for health insurance and provides the best possible quality of care.
Protected Health Information (PHI)
Protected health information means individually identifiable information that is held or transmitted by a covered entity or business associate in any form or media — whether electronic, paper, or oral — that relates to the past, present, or future physical or mental health of an individual, health care services, or payment for health care.
Provider
A classical definition of a provider is a person who helps in identifying, preventing, or treating illness or disability. The Centers for Medicare & Medicaid Services (CMS) expands this definition, defining a health care provider as an individual or an institution that provides health care services. Health and Human Services (HHS) references definitions for a Health Care Provider and for Covered Health Care Providers: a Health Care Provider is defined in section 1861(u) of the [Social Security] Act, and Covered Health Care Providers are defined by the Secretary of the United States Department of Health and Human Services (HHS).
Public Health Insurance
In Public Health Insurance, the government provides its own health insurance, but private insurance companies continue to provide insurance as another option for citizens. Proponents for public health insurance point to private insurance's inability to provide for every single person, often leaving people without health care coverage, which can result in avoidance of care and even bankruptcy.
Record Creation, Capture, or Receipt
This phase includes creating, editing, and reviewing work in process as well as capture of content (e.g., through document imaging technology) or receipt of content (e.g., through a health information exchange).
Every organization must establish business rules for determining when content or documents become records.
Record Maintenance and Use
Once records are created, they must be maintained in such a way that they are accessible and retrievable. Components of this phase include functions, rules, and protocols for indexing, searching, retrieving, processing, routing, and distributing.
Records Management Lifecycle
Records lifecycle management covers the record life cycle from creation through final disposition.
Records Retention
The life cycle of records management begins when information is created and ends when the information is destroyed.
Records, Active
"Active" means that the records are consulted or used on a routine basis. Routine functions may include activities such as release of information requests, revenue integrity audits, or quality reviews.
Records, Inactive
"Inactive" means that the records are used rarely but must be retained for reference or to meet the full retention requirement. Inactive records usually involve a patient who has not sought treatment for a period of time or one who completed his or her course of treatment.
Reimbursement
Reimbursement is the health care term that refers to the compensation or repayment for health care services. Reimbursement is being repaid or compensated for expenses already incurred or, as in the case of health care, for services that have already been provided.
Resource Utilization Groups (RUGs)
Resource Utilization Groups (RUGs) are similar to DRGs in concept. Each facility is paid a daily rate based on the needs of individual Medicare patients, with an adjustment for local labor cost.
Self-Pay
Self-pay is a type of fee-for-service because the patients or the guarantors (responsible persons, such as the parents of children) pay a specific amount for each service received. The patients or guarantors make such payments themselves to the providers, such as physicians, clinics, or hospitals, that render each service. The patients or guarantors then seek reimbursement from their private health insurance or from the governmental agency that covers their health benefits.
Server
A server is a software program, or the computer on which that program runs, that provides a specific kind of service to client software running on the computers on a network. There are several categories of servers. A file server is software, or hardware plus software, that is dedicated to storing files and making them accessible for reading and writing to clients (i.e., users) across a network. A print server is software or hardware that manages one or more printers. A network server manages network traffic. A name server maps user and computer names to machine addresses. A database server allows clients to interact with a database. An application server runs applications for clients.
SNOMED-CT
SNOMED-CT provides a common language that enables a consistent way of capturing, sharing, and aggregating health data across specialties and sites of care. It is a highly detailed terminology designed for input, not reporting.
Synchronous and Asynchronous Communication
Synchronous communication occurs when two parties exchange messages across a communication channel at the same time (e.g., face-to-face, telephone, online chat). The primary advantage of synchronous communication is the ability for immediate feedback and clarification when necessary. An advantage of asynchronous communication is that the exchange does not require both parties to participate in the conversation at the same time (e.g., email, fax), and the recipient can deal with the communication at a time of his or her choosing. However, this same advantage has the drawback that it is more difficult to know that the receiving party has received and understood the information fully.
Taxonomy
The term taxonomy refers to a hierarchical system. A taxonomy comprises vocabularies and terms; in turn, a vocabulary is made up of terms, or names, at the most basic level. The major advantage of advocating one taxonomy is simplicity: if there is one taxonomy, then there is the assumption that everyone is or will be made aware of it, understands the vocabulary and classifications, accepts it, and utilizes the known taxonomy.
Technical Safeguards
Technical safeguards are the technology, and the policies and procedures for its use, that protect electronic protected health information (ePHI) and control access to it.
The HIPAA Transaction and Code Sets Standard/Rule (TCS)
The HIPAA regulations are divided into four Standards or Rules: (1) Privacy, (2) Security, (3) Identifiers, and (4) Transactions and Code Sets (TCS). The TCS Standard/Rule was first released in August 2000 and updated in May 2002; it took effect on 16 October 2003 for all covered entities. Regulations associated with the TCS Rule mandate uniform electronic interchange formats for all covered entities. It is this standardization, along with the introduction of uniform identifiers for plans, providers, employers, and patients under the Identifier Rule, that is expected to produce the efficiency savings of "administrative simplification."
Third Parties
The third party is an uninvolved vendor, business partner, or other data-sharing associate. The first party is the patient himself/herself or the person, such as a parent, responsible for the patient's health bill. The second party is the physician, clinic, hospital, nursing home, or other health care entity rendering the care. These second parties are often called providers because they provide health care.
Value-added Network (VAN)
A Value-added Network (VAN) is a hosted service offering that acts as an intermediary between business partners such as hospitals and insurance payers. A VAN simplifies the communications process by reducing the number of parties with which a company needs to facilitate electronic data interchange (EDI). VANs provide a number of services, e.g., HIPAA compliance checking, acknowledgements, retransmitting documents, providing third-party audit information, acting as a gateway for different transmission methods, and handling telecommunications support.
Workflow Management Systems (WfMSs)
Workflow Management Systems (WfMSs) are tools used to streamline, automate, and re-engineer business processes.