Data+Segmentation+Working+Glossary

include component="page" wikiName="siframework" page="Data Segmentation Header"

Working Glossary Of Relevant Terms for Data Segmentation for Privacy

 * **Definition** || **Description** ||
 * Section 7332, Title 38, USC || Federal law that requires certain VA treatment centers to seek consent of their patients before disclosing specific types of sensitive information, e.g., HIV, Sickle Cell Anemia ||
 * 42 CFR Part 2 || Regulation that addresses the limitations on the release of patient information related to treatment in a Federally designated Alcohol and Drug Abuse Treatment Program (Reference 42 CFR § 2.13) ||
 * HITECH §13405 and Proposed Rule 45 CFR Part 164.522(a) (1) (iv) || Regulation that addresses the rights of patients to restrict the sharing of their health information with payers for self-pay care ||
 * Accounting of Disclosures || A listing of the disclosures of an individual’s individually identifiable health information as limited by the HIPAA Privacy Rule (45 CFR § 164.528). ||
 * Alcohol Abuse || A pattern of drinking alcoholic beverages that result in harm to one’s health, interpersonal relationships, or ability to work. ||
 * Additionally Protected Patient Data || Patient healthcare data for which there are legal or regulatory constraints on the sharing of the data that go beyond those defined under HIPAA ||
 * Alcohol and Drug Abuse Treatment Program (ADATP) || (a) An individual or entity (other than a general medical care facility) who holds itself out as providing, and provides, alcohol or drug abuse diagnosis, treatment or referral for treatment; or (b) An individual or entity (other than a general medical care facility) who holds itself out as providing, and provides, alcohol or drug abuse diagnosis, treatment or referral for treatment; or (c) Medical personnel or other staff in a general medical care facility whose primary function is the provision of alcohol or drug abuse diagnosis, treatment or referral for treatment and who are identified as such providers ||
 * Annotate || To associate a data element with additional information needed to make information handling decisions based on applicable policy. ||
 * Authorization || Method and form to secure permission from an individual for the use, or disclosure of individually identifiable health information, for any activity not specifically allowed without one. Uses and disclosures related to treatment, payment, and healthcare operations generally do not require a HIPAA authorization; but some non-healthcare related activities such as marketing do. Authorization is a new term used in the HIPAA Privacy Rule to denote an activity that has often been called a consent or a release (Per 42 CFR § 2.13 and 38 CFR § 1.475). ||
 * Consenter || A person or entity that has the legal authority to give permission to release health information. ||
 * Consent Directive for Privacy || The record of one or more instruction(s) regarding an individual's privacy preferences that a Provider or organization agrees to or is required by law to enforce. ||
 * Consent Management || Consent management is a system, process or set of policies for allowing consumers and patients to determine what health information they are willing to permit their various care providers to access. It enables patients and consumers to affirm their participation in e-health initiatives and to establish privacy preferences to determine who will have access to their protected health information (PHI), for what purpose and under what circumstances. Consent management supports the dynamic creation, management and enforcement of consumer, organizational and jurisdictional privacy directives. ||
 * Consent Subject || The person whose data is covered by the consent directive. ||
 * Diagnosis || Identification of a disease or condition by a scientific evaluation of physical signs, symptoms, history, laboratory test results, and procedures. ||
 * Disclosure || Disclosure means the release, transfer, provision of, access to, or divulging in any other manner of information outside the entity holding the information. (HIPAA Section 160.103) ||
 * Drug Abuse || The use of a psychoactive substance for other than medicinal purposes which impairs the physical, mental, emotional, or social well-being of the user ||
 * Electronic Health Record (EHR) || A longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports. The EHR automates and streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a clinical patient encounter - as well as supporting other care-related activities directly or indirectly via interface - including evidence-based decision support, quality management, and outcomes reporting. ||
 * Emergency Department Physician || A specialist in Emergency Medicine ||
 * Health Information Organization (HIO) || An organization that oversees, governs, and provides services to enable the exchange of health-related information among disparate healthcare information systems. ||
 * Healthcare Payers || Insurers, including health plans, self-insured employer plans, and third party administrators, providing healthcare benefits to enrolled members and reimbursing organizations ||
 * Healthcare Provider || Refers to a person licensed, certified, or otherwise authorized or permitted by law to administer healthcare in the ordinary course of business or practice of a profession, including a healthcare facility. This includes primary care providers, other physicians, nurse-practitioners, physician assistants, etc. ||
 * HIPAA Consent || Consent is made by an individual for the covered entity to use or disclose individually identifiable health information for treatment, payment, and healthcare operations purposes only. This is different from consent for treatment, which many providers use, and which should not be confused with the consent for use or disclosure of individually identifiable health information. Consent for use and/or disclosure of individually identifiable health information is optional under the Privacy Rule. All permissions that are required under the Privacy Rule to disclose individually identifiable health information are considered “Authorizations”. ||
 * Information Interchange Requirements || Specifies the transactions that are exchanged between systems and the role of each system in the exchange. ||
 * Patient || Person who is the recipient of healthcare services. For the purposes of the Data Segmentation Use Case the Patient is the subject of the consent, consent directive, or authorization ||
 * Preference || A patient request regarding the use and disclosure of their health information. Preferences can be recorded but would not be enforced until there was an agreement by one or more providers to implement the preference. ||
 * Primary Care Physician (PCP) || A primary care physician is a generalist physician who provides care to the patient at the point of first contact and takes continuing responsibility for providing the patient's care. ||
 * Privacy Policy Model || An abstract representation of the variables or rules that can be associated with data to express the constraints that can be imposed on data sharing. The Policy Model may also be used to define and communicate constraints that emanate from sources other than patient preferences, e.g., laws, regulations, organizational practices. ||
 * Protected Information || Information that is protected by a security policy. In healthcare, this includes a variety of clinical and administrative information that can be identified as belonging to a specific patient. ||
 * Provider || An individual clinician in a healthcare delivery setting. ||
 * Provider Organizations || Organizations that are engaged in or support the delivery of healthcare. These organizations could include hospitals, ambulatory clinics, long-term care facilities, community-based healthcare organizations, employers/occupational health programs, school health programs, dental clinics, psychology clinics, care delivery organizations, pharmacies, home health agencies, hospice care providers, and other healthcare facilities ||
 * Qualified Service Organization || Person or organization that provides services to a program, such as data processing, bill collecting, dosage preparation, laboratory analyses, or legal, medical, accounting or other professional services or services to prevent or treat child abuse or neglect, including training on nutrition and child care and individual and group therapy. The person or organization has entered into a written agreement with a program providing drug or alcohol referral, diagnosis or treatment under which the person or organization acknowledges that in receiving, storing, processing or otherwise dealing with any records concerning enrolled persons, it is fully bound by these regulation and if necessary, will resist in judicial proceedings any efforts to obtain access to records of enrolled persons except as permitted by these regulations. ||
 * Specialist || A physician who has completed sub-specialty training beyond their initial residency. ||
 * System Requirements || Requirements internal to the system necessary to participate successfully in the transaction. ||
 * Treatment || The management and care of a patient condition in order to reduce or eliminate the adverse effects upon the patient ||

[[file:Data Segmentation for Privacy Working Glossary.docx]]
include component="page" wikiName="siframework" page="space.template.inc_contentleft_end"