• Home
  • Blog
  • Contact
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceHIPAA Compliance
  • Home
  • Blog
  • Contact

The Definition of Protected Health Information

May 11, 2009 Health IT and HITECH No Comments

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards.

HIPAA Privacy Definitions:

Breach
Business Associate
Covered Entity
Disclosure
Electronic Health Record
Health Care Operations
Health Care Provider
Health Plan
National Coordinator
Payment
Personal Health Record
Protected Health Information
Secretary
Security
State
Treatment
Use
Vendor Of Personal Health Records

PROTECTED HEALTH INFORMATION

The term ‘protected health information’ has the meaning given such term in section 106.103 of title 45, Code of Federal Regulations.

Section 106.103—

Individually identifiable health information:

(1) Except as provided in paragraph (2) of this definition, that is:

(i) Transmitted by electronic media;

(ii) Maintained in electronic media; or

(iii) Transmitted or maintained in any other form or medium.

(2) Protected health information excludes individually identifiable health information in:

(i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;

(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and

(iii) Employment records held by a covered entity in its role as employer.

Tags: breachbusiness associatecovered entityDiscloseDisclosureelectronic health recordHealth Care OperationsHealth Care Providerhealth planNational CoordinatorPaymentpersonal health recordprotected health informationSecretarySecurityStateTreatmentUseVendor of Personal Health Records
No Comments
Share
0

You also might be interested in

Information Access Management: Access Establishment and Modification-What to Do and How to Do It

Feb 27, 2009

In our series on the HIPAA Administrative Simplification Security Rule,[...]

OMB Completes Review of Final Rules for EHR Incentive Program and for Initial Certification Criteria

Jul 12, 2010

On Friday, July 9, 2010, the Office of Management and[...]

Collection, Use, and Disclosure Limitation Key Privacy/Security Principle of Meaningful Use 2011 Objectives

Jul 1, 2009

On December 15, 2008, the Office of the National Coordinator[...]

Leave a Reply Cancel Reply

Categories

  • 5010
  • American Recovery and Reinvestment Act
  • Enforcement
  • GINA
  • Health Care Reform
  • Health IT and HITECH
  • HIPAA Law
  • Identifiers
  • Meaningful Use
  • Privacy
  • Red Flags Rules
  • Security
  • Transactions & Code Sets
  • Uncategorized

Recent Posts

  • Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices
  • HIPAA Breach: Who You Gonna Call?
  • Can I Be Sued for a HIPAA Violation?
  • Business Associate Agreements – a First Look at Indemnification
  • Gmail, Google Apps for Business HIPAA Business Associate Agreements

Archives

Contact Us

We're currently offline. Send us an email and we'll get back to you, asap.

Send Message
HIPAA- Health Insurance Portability Accountability Act

© 2023 · hipaa.com

Prev Next