HIPAA References

Some Definitions

Business Associate (BA): Applies to answering services and call centers, in addition to other services with access to PHI, retained by CEs to facilitate their business
Business Associate Contract (BAC): The contract that establishes the basis for a Business Associate to receive confidential information from the Covered Entity that retains their services. It also spells out the BA’s obligations and liability regarding handling and disclosure of PHI.
Covered Entity (CE): Parties which have access to PHI, including doctors, hospitals, clinics, and other healthcare providers.
Personal Health Information (PHI): Confidential information related to an individual. Safeguarding PHI against disclosure to unauthorized parties is the purpose of HITECH’s provisions. Per-instance penalties are provided.
HTTPS: An encryption-based technology that allows exchange of confidential information over an insecure medium. For example, you can send credit card or personal health information over the internet using HTTPS.

Official Documents

These will open in a new browser window.

• Summary of the HIPAA Privacy Rule (hhs.gov)
• HITECH Act Enforcement Interim Final Rule (hhs.gov)