HIPAA Timeline

HIPAA Terminology 7
Term	Definition
Covered entities (CE)	The applicability for the General Administrative Requirement of HIPAA are applied to these following entities defined by HIPAA as covered entities: a health plan, a health care clearinghouse or a health care provider who transmits PHI electronically.
Department of Health and Human Services DHHS	Government agency responsible for HIPAA implementation and enforcement.
Office of Civil Rights OCR	The DHSS departmental component responsible for implementing and enforcing the privacy regulation. (OCR web site).
Health Plan	An individual or group plan that provides or pays the cost of medical care.
Healthcare provider	A provider who transmits any health information in electronic form in connection with a transaction covered by part 160.
Health care clearinghouse	Means a public or private entity, including a billing service, repricing company, community health management information system or community health information system and value-added networks and switches that processes or facilitates the process if health information or receives a standard transaction from another entity and processes or facilitates that processing of health information into nonstandard format or nonstandard data content for the receiving entity.
Business associate	A person, who on behalf of a CE or OHCA performs a function or activity involving the use of disclosure of IIHI, provides this service other than in the capacity of a member of the workforce is defined as a business associate.
Protected health information (PHI)	Patient identifiable information that is protected by HIPAA. Includes patient information stored in any media.
Individually identifiable health information IIHI	Information that is a subset of health information, including demographic information collect from an individual that is created or received by the CE and identifies the individual or is believed that the information can be used to identify the individual.