HOW CAN WE HELP YOU? Call 1-800-TRY-CHOP
In This Section
HIPAA Glossary
Term | Definition |
---|---|
Accounting for Disclosures | Information that describes the Hospital's Disclosures of PHI other than for Treatment, Payment, and Healthcare Operations (TPO); Disclosures made with Authorization; and certain other limited Disclosures. Patients are entitled to request an account of these Disclosures. |
Actions | May include but are not limited to preliminary analysis of data, submission of progress reports, adverse event reporting, reporting of study to DSMB. |
Authorization |
Hospital personnel must get a signed, written Authorization from the patient in order to use or disclose PHI for purposes other than Treatment, Payment or Healthcare Operations (TPO). Authorizations would be needed, for example, for some types of research and for contacting our patients for marketing or fund raising. Each Authorization must include, among other things:
|
Business Associate | A person or organization that has a written or unwritten contract to perform an activity on behalf of CHOP, involving the Use or Disclosure of PHI. |
Coded |
Coded data and specimens are defined by OHRP as meaning:
Some PHI elements may remain in the dataset if required for the research. Typically this might include the elements permitted in a limited data set. |
Data Use Agreement | An agreement with the intended recipient of a Limited Data Set that establishes the ways in which the information in the Limited Data Set may be used and how it will be protected. |
Decedent | A deceased person |
Deidentified |
Deidentified datasets are those (1) without any elements of PHI and (2) without a way for the investigator/recipient to relink the data back to PHI. The elements of PHI from the individual, relatives of the individual, employers or household members of the individual that must be excluded for the dataset to be considered deidentified include:
* These items may be included in a Limited Data Set. |
Designated Record Set | A group of records maintained by or for the Hospital that include (1) medical and billing records about individuals maintained by or for a covered health care provider; (2) enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or (3) used, in whole or in part, by or for the Hospital to make decisions about individuals. A record is any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for the Hospital. |
Disclosure | The release, transfer, provision of access, to, or divulging in any other manner of information outside the Hospital. |
Fully Executed | The signatures of all parties to an agreement |
HIM | Health Information Management |
hipaa | The Health Insurance Portability and Accountability Act of 1996. It includes the Privacy Rule, which becomes effective April 14, 2003. |
Hospital | The Children's Hospital of Philadelphia (CHOP) and all its affiliates, practices and subsidiaries |
Individual | The person who is the subject of PHI |
Individually Identifiable Health Information | Information that is a subset of health information, including demographic information collected from an individual, and (1) is created or received by a health care provider, health plan, employer, or healthcare clearinghouse; and (2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of healthcare to an individual; and (a) that identifies the individual; or (b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual. |
Investigator | Person conducting research as defined in a protocol |
Limited Data Set |
A limited data set is protected health information (PHI) that excludes certain PHI. A limited data must exclude the same PHI as required for a Deidentified data set except for the following: some postal address information (city, state, ZIP Code); elements of date; and other numbers, characteristics, or codes not listed as direct identifiers. A limited dataset may be used or disclosed, for purposes of research, public health, or health care operations, without obtaining either an individual's Authorization or a waiver or an alteration of Authorization for its Use and Disclosure, provided the provider and the recipient have executed a Data Use Agreement. Creating a Limited Data Set: Delete/remove all elements of PHI from the data that would be required to created a Deidentified data set with the exception of the following items:
|
Minimum Necessary | The least information reasonably necessary to accomplish the intended purpose of the Use, Disclosure, or request. |
Notice of Privacy Practices | This notice describes the Hospital's Uses and Disclosures of PHI, and the patient's PHI rights. Each of our patients must receive this notice when services are first delivered - either upon admission or when first seen as an outpatient, or after a treatment telephone call or e-mail. |
PHI (Protected Health Information; also called patient or health information) | PHI is Individually Identifiable Information transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium. There are 18 PHI identifiers of individual patients, their relatives, household members or employers. These include: name; all geographic identifiers smaller than a state, including address and zip codes; dates except for years (including birth, admission, discharge or death dates); Social Security numbers; telephone and fax numbers; e-mail addresses; and medical record and health plan numbers. (See De-identified and Individually Identifiable Health Information) |
Preparatory to Research | Activities done as part of designing a study and/or determining the feasibility of conducting a study. These activities would be prior to submitting an IRB protocol. |
Prospective | In a prospective study, data is collected going forward in time; IRB approval is required. For prospective research the timepoint is from the date of submission to the IRB. |
Protocol | A description of a research project that sets forth explicit objectives and formal procedures designed to reach the objectives of the study. |
Research | A systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge. This includes the development of research repositories and databases for research. |
Retrospective | In a retrospective study, the research is based on records, biospecimens or other materials that exist already. IRB approval is required. For retrospective research, all of the materials must exist as of the date of submission to the IRB. |
Subject | Individual or individual's data used in a research study |
Treatment, Payment and Healthcare Operations (TPO) | Without first getting written authorization, the Hospital can use PHI for Treatment, Payment and Healthcare Operations purposes. So a patient's case can be discussed among the medical staff, including those undergoing training, and referring physicians. PHI can be used for submitting claims for payment and for such healthcare operations purposes as quality assurance, utilization review, case management and risk management - all without getting a written Authorization from the patient. |
Use | This includes but is not limited to the application, utilization, examination or analysis of PHI. |
Waiver of Authorization | The determination and documentation that the Hospital obtains from the IRB that states that the IRB has waived or altered the Privacy Rule's requirement that an individual must authorize the Hospital to use or disclose the individual's PHI for research purposes. |
Workforce | Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the Hospital, is under direct control of the Hospital, whether or not they are paid by the Hospital. |