HIPAA’s expansive lists of rules, regulations, and terminology can make compliance a stressful part of running your dental practice. Today we’re sharing 5 of the most helpful HIPAA abbreviations to know.
Let’s start with the basics. HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. HIPAA was introduced to improve the portability and accountability of healthcare coverage for employees moving between jobs, and to ensure that employees with pre-existing health conditions were provided with health insurance coverage. Since 1996, there have been several updates to HIPAA, notably the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Enforcement Rule, the HIPAA Omnibus Final Rule, and the Breach Notification Rule. As a result of these amendments, HIPAA is now more commonly associated with protecting patient privacy and requiring safeguards that preserve the confidentiality, integrity, and availability of electronic patient health information.
PHI stands for Protected Health Information. Under HIPAA, PHI is individually identifiable information that relates to an individual’s health status, to the provision of healthcare to that individual, or to payment for healthcare services, and that is created, collected, or transmitted by a HIPAA-covered entity. Examples of identifiers that make health information individually identifiable include name, telephone number, email address, Social Security Number, account number, and full-face photographic images, among numerous other identifiers. Relatedly, ePHI stands for electronic Protected Health Information and refers to any PHI that is created, stored, transmitted, or received electronically.
A business associate is a third-party individual or entity that performs activities on behalf of your practice and requires access to PHI to do so. Examples of business associates include your practice management provider, IT company, attorney, patient reminder vendor, and accountant. A Business Associate Agreement, or BAA, is a written agreement between you and each of these parties in which they commit to abide by HIPAA when handling your patients’ PHI. Without BAAs in place, your practice will likely assume liability for any breaches or HIPAA slip-ups that occur on their watch.
EHRs, or Electronic Health Records, are electronic versions of patient charts and can include any of the following: medical history, notes, symptoms, diagnoses, medications, lab results, vital signs, immunizations, and reports from diagnostic tests such as X-rays. Under the HIPAA Security Rule, EHRs require specific protections to safeguard your patients’ electronic health information.
HHS refers to the Department of Health & Human Services, and HIPAA is enforced by the HHS Office for Civil Rights. Should your practice suffer a breach, you’d be responsible for notifying the Secretary of HHS. If that breach were to affect more than 500 patients, you’d also be required to notify prominent media outlets serving the state or jurisdiction. These requirements help patients learn when their information has been breached and keep providers accountable for protecting EHRs.
Recognizing these basic HIPAA abbreviations is just the beginning of understanding your requirements as a covered entity. Whether you need more information on HIPAA’s individual rules, assistance obtaining BAAs from your vendors, or a thorough risk assessment for your practice, Digital Technology Partners’ dedicated HIPAA compliance team is happy to assist. To get in touch, call (770) 918-0075 or send us a message.