January 28, 2013. Today, we want to explore the modified definition of breach in the Final HIPAA/HITECH Act Privacy, Security, Breach Notification, and Enforcement Rule published in the Federal Register on Friday, January 25, 2013. Here is the modified definition [45 CFR 164.402, Definitions, effective March 26, 2013; 78 Federal Register 5695]: Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E [HIPAA Privacy Rule] of this part [Part 164] which compromises the security or privacy of the protected health information. (1) Breach excludes: (i) Any unintentional acquisition, access, or use of protected health information by a workforce member or…
Tag: Use
Exploring HIPAA and HITECH Act Definitions: Part 16
From now through early December, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA…
Collection, Use, and Disclosure Limitation Key Privacy/Security Principle of Meaningful Use 2011 Objectives
On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation of the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009….
Openness and Transparency Key Privacy/Security Principle of Meaningful Use 2011 Objectives
On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation of the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009….
Nationwide Privacy and Security Framework for Electronic Exchange: Key Meaningful Use 2011 Objective Recommendation
On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. This report states: “[a] key factor to achieving a high-level of trust among individuals, health care providers, and other health care organizations participating in electronic health information exchange is the development of, and adherence to, a consistent and coordinated approach to privacy and security. Clear, understandable, uniform principles are a first step in developing a consistent and coordinated approach to privacy and security and a key component to…
HITECH Privacy Provisions Include HIPAA Privacy Definitions and New or Broadened Concepts
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…
The Definition of Vendor of Personal Health Records
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…
The Definition of Use
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…
The Definition of Treatment
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…
The Definition of State
This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…