|
All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Biometric Identifier
An identifier based on some physical characteristic, such as a fingerprint.
|
Biometrics
The science and technology of measuring and statistically analyzing biological data.
In information technology, it usually refers to technologies for measuring and analyzing human body characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements, especially for authentication purposes.
|
Birthing Center
A facility, other than a hospital's maternity facilities or a physician's office, which provides a setting for labor, delivery, and immediate post-partum care as well as immediate care of new born infants.
|
Blue Cross and Blue Shield Association
An association that represents the common interests of Blue Cross and Blue Shield health plans. The BCBSA serves as the administrator for the Health Care Code Maintenance Committee and also helps maintain the HCPCS Level II codes.
|
Business Associate (BA)
(1)A person or organization that performs a function or activity on behalf of a covered entity, but is not part of the covered entity's workforce. A business associate can also be a covered entity in its own right. Also see Part II, 45 CFR 160.103.
(2)A person to whom the covered entity discloses protected health information so that the person can carry out, assist with the performance of, or perform on behalf of, a function or activity for the covered entity.
- Except as provided in paragraph (2) of this definition, business associate means, with respect to a covered entity, a person who:
- On behalf of such covered entity or of an organized health care arrangement (as defined in § 164.501 of this subchapter) in which the covered entity participates, but other than in the capacity of a member of the workforce of such covered entity or arrangement, performs, or assists in the performance of:
- A function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing; or
- Any other function or activity regulated by this subchapter;
or
- Provides, other than in the capacity of a member of the workforce of such covered entity, legal, actuarial, accounting, consulting, data aggregation (as defined in § 164.501 of this subchapter), management, administrative, accreditation, or financial services to or for such covered entity, or to or for an organized health care arrangement in which the covered entity participates, where the provision of the service involves the disclosure of individually identifiable health information from such covered entity or arrangement, or from another business associate of such covered entity or arrangement, to the person.
- A covered entity participating in an organized health care arrangement that performs a function or activity as described by paragraph (1)(i) of this definition for or on behalf of such organized health care arrangement, or that provides a service as described in paragraph (1)(ii) of this definition to or for such organized health care arrangement, does not, simply through the performance of such function or activity or the provision of such service, become a business associate of other covered entities participating in such organized health care arrangement
- A covered entity may be a business associate of another covered entity.
Related Terms: Business Associate Agreement
|
Business Associate Agreement
HIPAA applies directly to:
- A health plan.
- A health care clearinghouse.
- A health care provider who transmits any health information in electronic form in connection with a transaction covered by subchapter 45 CFR 160.103.
It does not apply to any other parties, except for a special group HIPAA calls Business Associates(BA). BA's are businesses that have access to protected health information(PHI) from a covered entity as a normal course of business. (See the definition of a Business Associate for more clarification of the term.) Since HIPAA does not apply directly, the law mandates that covered entities MUST have the BA sign a Business Associate Agreement(BAA) agreeing to provide the same privacy and security to the data that the covered must do. If the BA refuses to sign or violates this agreement, the covered entity must ultimately stop doing business with the BA.
This agreement is a contract that is enforceable in court and is sometime referred to as the Business Associate Contract.
There are various levels of BAA's depending on the level of access or availability the BA has to the PHI. A janitorial firm or computer consultant, for example, is not given access to PHI but has availability to it. These BAA's should be a confidentiality agreement. On the other hand, a third party collection business or a law firm representing the covered entity is given direct access to the PHI and must sign a full BAA. Essentially, in the later example, the Agreement pulls the BA deep into the HIPAA compliance water. That Agreement says the BA will treat the data the same as the covered entity.
There are circumstances where BA's give the protected health information to another party that may not even have a direct relationship with the original covered entity. This type of relationship requires a "Chain of Trust" Agreement between the multiple Business Associates. (See Chain of Trust for more details.)
The Office of Civil Rights gives this definition:
When a covered entity uses a contractor or other non-workforce member to perform "business associate" services or activities, the Rule requires that the covered entity include certain protections for the information in a business associate agreement (in certain circumstances governmental entities may use alternative means to achieve the same protections). In the business associate contract, a covered entity must impose specified written safeguards on the individually identifiable health information used or disclosed by its business associates. Moreover, a covered entity may not contractually authorize its business associate to make any use or disclosure of protected health information that would violate the Rule. Covered entities that have an existing written contract or agreement with business associates prior to October 15, 2002, which is not renewed or modified prior to April 14, 2003, are permitted to continue to operate under that contract until they renew the contract or April 14, 2004, whichever is first.
Related Terms: Business Associate; Chain of Trust Agreement
|
Business Model
A model of a business organization or process.
|
Business Partner (BP)
A term used in the HIPAA Privacy NPRM to identify organizations that perform business functions for a covered entity, and should therefore be required to accept the same obligations for protecting any individually identifiable health care information that they receive from the covered entity.
|
Business Relationships
The term agent is often used to describe a person or organization that assumes some of the responsibilities of another one. This term has been avoided in the final rules so that a more HIPAA-specific meaning could be used for business associate.
|
|
|
