Term
| CE (Covered Entity) |
|
Definition
| CE (Covered Entity): Any organization that must comply with the HIPAA rules: health-care providers that transmit health information electronically in connection with a HIPAA-covered transaction, health plans, and health-care clearinghouses. Business associates that create, receive, maintain or transmit PHI on a covered entity's behalf are directly liable for the Security Rule and for the Privacy Rule provisions that apply to them. |
|
|
Term
| Criminal Penalties |
|
Definition
| Criminal Penalties: Under 42 U.S.C. § 1320d-6, a person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA can be fined up to $50,000 and imprisoned for up to one year. The penalties rise to $100,000 and five years if the offense is committed under false pretenses, and to $250,000 and ten years if it is committed with intent to sell, transfer or use the information for commercial advantage, personal gain or malicious harm. Criminal cases are prosecuted by the Department of Justice, not by HHS OCR. |
|
|
Term
| De-Identified Information |
|
Definition
| De-Identified Information: Health information that does not identify an individual and gives no reasonable basis to believe it could be used to identify one. The Privacy Rule recognizes two ways to de-identify data: the Safe Harbor method, which removes 18 specified identifiers (names, most dates, geographic units smaller than a state, contact details, Social Security and medical record numbers, device identifiers, biometrics, full-face photographs, and any other unique identifying number or code), and the Expert Determination method, in which a qualified expert documents that the risk of re-identification is very small. Once de-identified, the data are no longer PHI and fall outside the Privacy Rule's restrictions; a re-identification code may be kept only if it is not derived from the identifiers and is not disclosed. |
|
|
Term
| PHI (Protected Health Information) |
|
Definition
| PHI (Protected Health Information): Individually identifiable health information, in any form (electronic, paper or oral), that is created or received by a covered entity or its business associate and that relates to an individual's past, present or future physical or mental health or condition, the provision of health care to the individual, or payment for that care. It includes demographic data and any element that identifies the individual or could reasonably be used to do so, such as name, Social Security number, phone number, medical history, current diagnosis and test results. PHI that is stored or transmitted electronically is ePHI and is the subject of the Security Rule. |
|
|
Term
| Due Diligence |
|
Definition
| Due Diligence ("did not know" tier): The lowest civil-penalty tier. A violation occurred, but the covered entity did not know about it and, by exercising reasonable diligence, would not have known; it had already taken the precautions it could reasonably have foreseen. |
|
|
Term
| Privacy Rule |
|
Definition
| Privacy Rule: The part of HIPAA (45 CFR Part 160 and Subparts A and E of Part 164) that governs how covered entities and business associates may use, disclose, store and share PHI in any form, and that gives individuals rights over their own information, including the right to access and obtain a copy of their records, to request amendments, and to receive an accounting of disclosures. |
|
|
Term
| Security Rule |
|
Definition
| Security Rule: The part of HIPAA (45 CFR Part 164, Subpart C) that sets national standards for protecting ePHI that a covered entity or business associate creates, receives, maintains or transmits. It requires administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of ePHI, based on a documented risk analysis. |
|
|
Term
| TPO (Treatment, Payment, and Health Care Operations) |
|
Definition
| TPO (Treatment, Payment, and Health Care Operations): The three purposes for which a covered entity may use and disclose PHI without the individual's authorization. "Treatment" generally means the provision, coordination, or management of health care and related services. "Payment" encompasses the activities of health plans and health care providers to obtain payment or be reimbursed for their services. "Health care operations" are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business. |
|
|
Term
| Patient Notice (Notice of Privacy Practices) |
|
Definition
| Patient Notice (Notice of Privacy Practices): A covered entity must give individuals adequate notice of its privacy practices, describing how it may use and disclose PHI, the individual's rights, and the entity's legal duties. A provider with a direct treatment relationship must make a good-faith effort to obtain the patient's written acknowledgment that the notice was received. |
|
|
Term
| Minimum Necessary |
|
Definition
| Minimum Necessary: A covered entity must develop and implement policies and procedures that reasonably limit its uses and disclosures of, and requests for, PHI to the minimum necessary to accomplish the intended purpose. This includes identifying which members of its workforce need access to PHI, which categories of PHI they need, and under what conditions, and restricting access accordingly. The standard does not apply to disclosures to or requests by a health-care provider for treatment, disclosures to the individual, uses or disclosures made under the individual's authorization, or disclosures required by law. |
|
|
Term
| Reasonable Cause |
|
Definition
| Reasonable Cause: The second civil-penalty tier. The covered entity knew, or by exercising reasonable diligence would have known, that its act or omission violated HIPAA, but did not act with willful neglect. For example, an organization that documented a gap analysis before a HIPAA audit but had not yet remediated one of the identified gaps is in violation through reasonable cause rather than willful neglect. |
|
|
Term
| Willful Neglect |
|
Definition
| Willful Neglect: Conscious, intentional failure or reckless indifference to the obligation to comply with HIPAA. It makes up the two highest civil-penalty tiers: willful neglect that is corrected within 30 days of the date the entity knew (or should have known) of the violation, and willful neglect that is not corrected within that period, which carries the maximum penalties. |
|
|
Term
| COBIT (Control Objectives for Information and Related Technologies) |
|
Definition
| COBIT (Control Objectives for Information and Related Technologies): A framework of good practices for the governance and management of enterprise IT, published by ISACA. It helps ensure that IT programs are implemented and managed effectively and deliver value from technology investment. Strong COBIT alignment typically indicates a higher quality of control over internal practices, which in turn supports an effective security infrastructure. |
|
|
Term
| ITIL (Information Technology Infrastructure Library) |
|
Definition
| ITIL (Information Technology Infrastructure Library): A set of best-practice guidance for IT service management, covering the provision of quality IT services and the processes, roles and facilities needed to support them across the service lifecycle. |
|
|
Term
| PMBOK Guide (A Guide to the Project Management Body of Knowledge) |
|
Definition
| PMBOK Guide (A Guide to the Project Management Body of Knowledge): A publication of the Project Management Institute (PMI) describing generally recognized good practices, processes and knowledge areas for project management. |
|
|
Term
| RFI (Request for Information) |
|
Definition
| RFI (Request for Information): A procurement document sent to one or more vendors to gather comparative information on product function, ancillary services and price. It is typically exploratory and non-binding, used to survey the market before issuing an RFP or RFQ, and usually describes the requirements a bidder's solution must satisfy to be considered. |
|
|
Term
| RFP (Request for Proposal) |
|
Definition
| RFP (Request for Proposal): A procurement document sent to one or more vendors that describes the requestor's service needs and asks each vendor to propose a solution. Because the vendor is expected to design the solution, an RFP describes the needs and desired outcomes rather than detailed technical specifications; the proposals are then evaluated on approach, capability and cost. |
|
|
Term
| RFQ (Request for Quotation) |
|
Definition
| RFQ (Request for Quotation): Used when the product being sought is conventional and needs little description or requirements detail. It generally secures vendor prices for commodities so that bids can be compared on cost and delivery terms. |
|
|
Term
| Subscription-Based Model |
|
Definition
| Subscription-Based Model: A business model in which the customer pays a recurring fee (monthly or annual) for the use of equipment, software, services or content, or some combination of these, rather than purchasing them outright. Cloud and SaaS offerings are typically sold this way. |
|
|