| A | B |
|---|
| Authorization | The process of determining whether a particular user (or a computer system) has the right to carry out a certain activity, such as reading a file or running a program. Also, a form giving written permission for something, such as the release of medical information. |
| disclosure | The release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information. |
| accounting of disclosures | A report that tells a patient to whom his or her health information has been disclosed. |
| Acknowledgment of Receipt of Notice of Privacy Practices | A form signed by patients indicating they have received a copy of a health care provider's notice of privacy practices. |
| amendment | A correction of a finalized entry in a medical record that has been identified as incorrect. |
| de-identified health information | Medical data from which individual identifiers have been removed. |
| designated record set (DRS) | A group of medical records. For providers, it includes medical and billing records but not other items, such as lab tests. For a health plan, the designated record set includes enrollment, payment, claim decisions, and medical management systems of the plan. |
| documentation | Systematic, logical, and consistent recording of a patient's health status—history, examinations, tests, results of treatments, and observations—in chronological order in a patient medical record. |
| electronic medical record (EMR) | or electronic health record (EHR or EMR) Collection of health information that is immediately electronically accessible by authorized users. |
| encounter | Visit between a patient and a medical professional. |
| HIPAA privacy rule | Law that regulates the use and disclosure of patients' protected health information (PHI). |
| hybrid record | Medical record that is made up of both electronic and paper documents. |
| incidental use and disclosure | The release of protected health information (PHI) that happens as a result of correct use and disclosure. |
| medical record | Progress notes, reports, and other clinical materials relating to a patient and maintained by a health care provider. |
| medical standards of care | State specified performance measures for the delivery of health care by medical professionals. |
| minimum necessary standard | Principle that individually identifiable health information should be disclosed only to the extent needed to support the purpose of the disclosure. |
| Notice of Privacy Practices (NPP) | A document stating the privacy policies and procedures of a covered entity (CE). |
| protected health information (PHI) | The HIPAA terminology for individually identifiable health information in any medium, except such information maintained in education records covered by the Family Educational Rights and Privacy Act (FERPA) and employment records. |
| release of information (ROI) | Release of information (ROI) of a patient's information. |
| subpoena | An order by a court requiring a party to appear and testify. |
| subpoena duces tecum | A subpoena that also includes the requirement to bring certain documents. |
| treatment, payment, and health care operations (TPO) | Under HIPAA, the rule that patients' protected health information may be shared without authorization for the purposes of treatment, payment, and operations. |
