The National Academies Press

Currently Skimming:

Pages 14-19

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 14... ... 14 ual.102 However, individually identifiable health information is information that "[i] s created or received by a health care provider, health plan, employer, or health care clearinghouse… (emphasis added) Read the entire page →
From page 15... ... 15 stitution,110 as well as on the basis that it is unconstitutionally vague,111 the rule's constitutionality has been upheld. Read the entire page →
From page 16... ... 16 2. Mandatory Disclosures of PHI A disclosure to an individual of his or her health information is one of HIPAA's permissive uses or disclosures of PHI. Read the entire page →
From page 17... ... 17 3. Minimum Disclosure Requirement When disclosing PHI, such as in response to a subpoena or court order, "a covered entity or business associate must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request."135 C Read the entire page →
From page 18... ... 18 dures for the protection of "a covered entity's or business associate's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion."151 A covered entity or business associate must "[i] mplement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed…."152 As for technical standards, a covered entity or business associate must have "technical policies and procedures" in place so that only "those persons or software programs that have been granted rights have access to protected health information…."153 Prior to HITECH, only state laws applied to breaches of privacy.154 There was no federal requirement for notification of a security breach caused by an improper disclosure of medical information. Read the entire page →
From page 19... ... 19 email168 or by telefax.169 However, some transit agencies may be receiving PHI from covered entities (or their business associates) such as when transit agencies are participating in a coordinated transportation services program or are serving as direct providers to covered entities pursuant to an agreement.170 East Bay Paratransit Consortium (EBPC) Read the entire page →

From page 14...

... 14 ual.102 However, individually identifiable health information is information that "[i] s created or received by a health care provider, health plan, employer, or health care clearinghouse… (emphasis added)

Read the entire page →

From page 15...

... 15 stitution,110 as well as on the basis that it is unconstitutionally vague,111 the rule's constitutionality has been upheld.

Read the entire page →

From page 16...

... 16 2. Mandatory Disclosures of PHI A disclosure to an individual of his or her health information is one of HIPAA's permissive uses or disclosures of PHI.

Read the entire page →

From page 17...

... 17 3. Minimum Disclosure Requirement When disclosing PHI, such as in response to a subpoena or court order, "a covered entity or business associate must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request."135 C

Read the entire page →

From page 18...

... 18 dures for the protection of "a covered entity's or business associate's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion."151 A covered entity or business associate must "[i] mplement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed…."152 As for technical standards, a covered entity or business associate must have "technical policies and procedures" in place so that only "those persons or software programs that have been granted rights have access to protected health information…."153 Prior to HITECH, only state laws applied to breaches of privacy.154 There was no federal requirement for notification of a security breach caused by an improper disclosure of medical information.

Read the entire page →

From page 19...

... 19 email168 or by telefax.169 However, some transit agencies may be receiving PHI from covered entities (or their business associates) such as when transit agencies are participating in a coordinated transportation services program or are serving as direct providers to covered entities pursuant to an agreement.170 East Bay Paratransit Consortium (EBPC)

Read the entire page →

Key Terms

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.