Identifiable Health Information (IHI)
|
Impact Analysis
See "Risk Analysis".
|
Implementation Guide (IG)
A document explaining the proper use of a standard for a specific business purpose. The X12N HIPAA IGs are the primary reference documents used by those implementing the associated transactions, and are incorporated into the HIPAA regulations by reference.
Related Terms: Implementation Specification
|
Implementation Specification
The specific instructions for implementing a standard.
[45 CFR 160.103]
Related Terms: Implementation Guide
|
Incidental Uses and Disclosures
General Provision
The Privacy Rule permits certain incidental uses and disclosures that occur as a by-product of another permissible or required use or disclosure, as long as the covered entity has applied reasonable safeguards and implemented the minimum necessary standard, where applicable, with respect to the primary use or disclosure. (See 45 CFR 164.502(a)(1)(iii)) An incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule. However, an incidental use or disclosure is not permitted if it is a by-product of an underlying use or disclosure which violates the Privacy Rule.
Reasonable Safeguards
A covered entity must have in place appropriate administrative, technical, and physical safeguards that protect against uses and disclosures not permitted by the Privacy Rule, as well as that limit incidental uses or disclosures. (See 45 CFR 164.530(c)) It is not expected that a covered entity’s safeguards guarantee the privacy of protected health information from any and all potential risks. Reasonable safeguards will vary from covered entity to covered entity depending on factors, such as the size of the covered entity and the nature of its business. In implementing reasonable safeguards, covered entities should analyze their own needs and circumstances, such as the nature of the protected health information it holds, and assess the potential risks to patients’ privacy. Covered entities should also take into account the potential effects on patient care and may consider other issues, such as the financial and administrative burden of implementing particular safeguards.
|
Indirect Treatment Relationship
A relationship between an individual and a health care provider in which:
- The health care provider delivers health care to the individual based on the orders of another health care provider; and
- The health care provider typically provides services or products, or reports the diagnosis or results associated with the health care, directly to another health care provider, who provides the services or products or reports to the individual.
|
Individual
The person who is the subject of protected health information.
|
Individually Identifiable Health Information
Information that is a subset of health information, including demographic information collected from an individual, and:
- Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
- Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
- That identifies the individual; or
- With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
|
Information Access Control
Security in any computer system requires formal policies and procedures for granting and controlling access to available resources. Your practice should develop specific criteria for granting defined levels of access to all users and adopt the required mechanisms to maintain access control.
Before you grant a user access to your practice’s computer system, you must determine his or her level of access based on job role and the information that person needs to get the job done. For example, a billing department employee will need access to a patient’s financial information as well as scheduling information to determine when the next office visit is due. On the other hand, a receptionist might need access only to the scheduling system; if the receptionist in your practice has no reason see the financial or personal medical data of patients, you should establish a method to restrict his or her access to that data.
Note that in the HIPAA final rule, the term “access control” was removed as being too narrow. Nevertheless, access controls will form the basis of your HIPAA security plan, so it is important that you understand them.
|
Information Model
A conceptual model of the information needed to support a business function or process.
|
Information System
Information System means an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.
|
Inmate
A person incarcerated in or otherwise confined to a correctional institution.
|
Integrity
Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.
|
Interactive Health Care Eligibility/Benefit Response (IHCEBR)
See X12 271
|
Interactive HealthCare Eligibility/Benefits Inquiry (IHCEBI)
See X12 270
|
Interactive Healthcare Claim/Encounter (IHCLME)
See X12 837
|
International Association of Industrial Accident Boards and Commissions (IAIABC)
One of their standards is under consideration for use for the First Report of Injury standard under HIPAA.
|
International Classification of Diseases (ICD)
A medical code set maintained by the World Health Organization (WHO). The primary purpose of this code set was to classify causes of death. A US extension of this coding system, maintained by the NCHS within the CDC, identifies morbidity factors, or diagnoses. The ICD-9-CM codes have been selected for use in the HIPAA transactions.
How the abbreviation ICDnCM/PCS breaks down:
ICD = International Classification of Diseases
n = revision number
CM = Clinical Modification
PCS = Procedure Coding System
Related Terms: Clinical Modification ; International Classification of Diseases, Revision 9, Clinical Modification; National Center for Health Statistics ; Procedure Coding System ; World Health Organization
|
International Classification of Diseases, Revision 9, Clinical Modification (ICD-9-CM)
Related Terms: International Classification of Diseases
|
International Organization for Standardization (ISO)
An organization that coordinates the development and adoption of numerous international standards.
|
International Standards Organization
See International Organization for Standardization (ISO)
|
