Maine's Public Universities - University of Maine System
Life the way it should be

 

UNIVERSITY OF MAINE SYSTEM

HIPAA GENERAL OPERATING POLICY #3

DEFINITIONS

As used in the University of Maine System HIPAA General Operating Policies, the following terms have the following meanings, unless otherwise specified:

 

BUSINESS ASSOCIATE means, with respect to a Covered Entity, a person who:

(1) on behalf of such Covered Entity or an Organized Health Care Arrangement (OHCA), but other than in the capacity of a member of the workforce of such Covered Entity, performs, or assists in the performance of:

 

    • 1)                    A function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing; or
    • 2)                    Any other function or activity regulated by HIPAA; or

 

(2) provides, other than in the capacity of a member of the workforce of such Covered Entity, legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for such Covered Entity or an OHCA, where the provision of the service involves the disclosure of individually identifiable health information from such Covered Entity or OHCA, or from another Business Associate of such Covered Entity or OHCA, to the person.

 

CODE SET means any set of codes used to encode data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.  It includes the codes and descriptors of the codes.

 

COVERED ENTITY means one of the following:

    • 1)                    A health plan
    • 2)                    A health care clearinghouse
    • 3)                    A health care provider who transmits any health information in electronic form in connection with a covered transaction.

 

COVERED FUNCTIONS means those functions of a Covered Entity the performance of which makes the entity a health plan, health care provider or health care clearinghouse .

 

COVERED TRANSACTION is the transmission of information between two parties to carry out financial or administrative activities related to health care.  It includes the following types of information exchanges:

 

  • 1)                    Health care claims or equivalent encounter information
  • 2)                    Health care payment and remittance advice
  • 3)                    Coordination of Benefits

 

 
  • 4)                    Health care claim status
  • 5)                    Enrollment and dis-enrollment in a health plan
  • 6)                    Eligibility for a health plan
  • 7)                    Health plan premium payments
  • 8)                    Referral certification and authorization
  • 9)                    First report of injury
  • 10)               Health claims attachments
  • 11)               Other transactions which the Secretary of DHHS may prescribe by regulation

 

DESIGNATED RECORD SET means a group of records maintained by or for a Covered Entity that is:

 

    • 1)                    The medical records and billing records about individuals maintained by or for a covered health care provider;
    • 2)                    The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
    • 3)                    Used, in whole or in part, by or for the covered entity to make decisions about individuals.

For purposes of this definition, the term record means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used or disseminated by or for a covered entity.

 

ELECTRONIC MEDIA means electronic storage media including memory devices in computers (hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or transmission media used to exchange information already in electronic storage media.  Transmission media include, for example, the Internet, Extranet, leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media.  Transmissions via paper, facsimile or voice via telephone are not considered to be transmissions via electronic media, because the information exchanged did not exist in electronic form before the transmission.

 

ELECTRONIC PROTECTED HEALTH INFORMATION (EPHI) means individually identifiable health information:

 

1.               Except as provided in (2) of this definition, that is:    

 

                    i.                transmitted by electronic media; or

                    ii.              maintained in electronic media;

 

2.               EPHI excludes individually identifiable health information in:             

                    i.                 Education records covered by FERPA (20 U.S.C. 1232g);

                    ii.              Records on a student who is eighteen years of age or older, or is attending an institution of postsecondary education, which are made or maintained by a physician, psychiatrist, psychologist, or other recognized professional or paraprofessional acting in his professional or paraprofessional capacity or assisting in that capacity, and which are made, maintained, or used only in connection with the provision of treatment to the student, and are not available to anyone other than persons providing such treatment, except that such records can be personally reviewed by a physician or other appropriate professional of the student=s choice; and

                    iii.             Employment records held by a covered entity in its role as employer.

 

HEALTH CARE means care, services or supplies related to the health of an individual.  It includes, but is not limited to:

  • 1)                    preventative, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and
  • 2)                    sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.

HEALTH CARE CLEARINGHOUSE means a public or private entity, including a billing service, re-pricing company, community health management information system or community health information system, and Avalue-added@ networks and switches, that does either of the following functions:

1)                    processes or facilitates the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction.

    • 2)                    receives a standard transaction from another entity and processes or facilitates the processing of health information into nonstandard format or nonstandard data content for the receiving entity.

HEALTH CARE COMPONENT means a component or combination of components of a Hybrid Entity designated and documented by the Hybrid Entity.  The Health Care Component must include any component that would meet the definition of Covered Entity if it were a separate legal entity.  The Health Care Component may also include a component only to the extent it performs:

  • 1)                    Covered functions; or
  • 2)                    Activities that would make such component a business associate of a component that performs covered functions if the two components were separate legal entities.

The Health Care Component (AHCC@) of the University of Maine System is defined in General Operating Policy #43.

HEALTH CARE OPERATIONS means any of the following activities of the Covered Entity to the extent the activities are related to covered functions:

 

    • 1)                    Conducting quality assessment and improvement activities
    • 2)                    Reviewing the competence or qualifications of health care professionals, evaluating provider performance and conducting training programs
    • 3)                    Underwriting, premium rating, and other activities relating to the creation, renewal or replacement of a contract of health insurance.
    • 4)                    Conducting or arranging for medical review, legal services and auditing functions
    • 5)                    Business planning and development
    • 6)                    Business management and general administrative duties of the entity

HEALTH CARE PROVIDER means a provider of services, a provider of medical or health services, and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.

HEALTH INFORMATION means any information, whether oral or recorded in any form or medium, that:

1)  Is created or received by health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

2)   Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

HEALTH PLAN means an individual or group plan that provides, or pays the cost of, medical care. A health plan includes a group health plan, defined as an employee welfare benefit plan (ERISA) that has 50 or more participants or is administered by an entity other than the employer that established and maintains the plan.

HIPAA means the Health Insurance Portability and Accountability Act of 1996, as amended.

HYBRID ENTITY means a single legal entity that is a Covered Entity whose business activities include both covered and non-covered functions and who designates health care components in accordance with the regulations.  The University of Maine System is a Hybrid Entity.

INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION means information that is a subset of health information, including demographic information collected from an individual, and:

1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

(i) That identifies the individual; or

(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

PAYMENT means the activities undertaken by a health plan to obtain premiums or to determine or fulfill its responsibility for coverage and provision of benefits under the health plan or the activities undertaken by a health care provider or health plan to obtain or provide reimbursement for the provision of health care.

PRIVACY RULE means the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Part 160 and Part 164, Subparts A and E.

PROTECTED HEALTH INFORMATION or APHI@ means individually identifiable health information:

 1)  Except as provided in (2) of this definition, that is:

  • (i)  transmitted by electronic media;
        • (ii)                maintained in any medium described in the definition of electronic media; or
        • (iii)              transmitted or maintained in any other form or medium

2)              PHI excludes individually identifiable health information in:

(i)                   Education records covered by FERPA (20 U.S.C. 1232g);
(ii)                Records on a student who is eighteen years of age or older, or is attending an institution of postsecondary education, which are made or maintained by a physician, psychiatrist, psychologist, or other recognized professional or paraprofessional acting in his professional or paraprofessional capacity or assisting in that capacity, and which are made, maintained, or used only in connection with the provision of treatment to the student, and are not available to anyone other than persons providing such treatment, except that such records can be personally reviewed by a physician or other appropriate professional of the student=s choice; and
(iii)              Employment records held by a covered entity in its role as employer.

PSYCHOTHERAPY NOTES means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint or family counseling session and that are separated from the rest of the individual=s medical record.  APsychotherapy Notes@ excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items; diagnosis, functional status, the treatment plan, symptoms, prognosis and progress to date.

SECRETARY - The term ASecretary@ shall mean the Secretary of the U. S. Department of Health and Human Services or his/her designee.

SECURITY RULE means the Security Standards for the Protection of Electronic Protected  Health Information at 45 C.F.R. Part 160 and Part 164, Subparts A and C.

TREATMENT means the provision, coordination or management of health care and related services by one or more health care providers, including coordination or management of health care by a health care provider with a third party, consultation between health care providers and referral of a patient for health care from one health care provider to another.

WORKFORCE means employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a Covered Entity, is under the direct control of such entity, whether or not they are paid by the Covered Entity.

Revised: 05/09/05

16 Central Street   Bangor, ME 04401