Information about protected health information definition
Code of Federal Regulations
Title 45, Volume 1
Revised as of October 1, 2004
From the U.S. Government Printing Office via GPO Access
CITE: 45CFR160.103
Page 700-704
TITLE 45--PUBLIC WELFARE
SUBTITLE A--DEPARTMENT OF HEALTH
AND HUMAN SERVICES
PART 160GENERAL ADMINISTRATIVE REQUIREMENTS--Table of Contents
Subpart AGeneral Provisions
Sec. 160.103 Definitions.
Except as otherwise provided, the following definitions apply to
this subchapter:
Act means the Social Security Act.
ANSI stands for the American National Standards Institute.
Business associate: (1) Except as provided in paragraph (2) of this
definition, business associate means, with respect to a covered entity,
a person who:
(i) On behalf of such covered entity or of an organized health care
arrangement (as defined in Sec. 164.501 of this subchapter) in which
the covered entity participates, but other than in the capacity of a
member of the workforce of such covered entity or arrangement, performs,
or assists in the performance of:
(A) A function or activity involving the use or disclosure of
individually identifiable health information, including claims
processing or administration, data analysis, processing or
administration, utilization review, quality assurance, billing, benefit
management, practice management, and repricing; or
(B) Any other function or activity regulated by this subchapter; or
(ii) Provides, other than in the capacity of a member of the
workforce of such covered entity, legal, actuarial, accounting,
consulting, data aggregation (as defined in Sec. 164.501 of this
subchapter), management, administrative, accreditation, or financial
services to or for such covered entity, or to or for an organized health
care arrangement in which the covered entity participates, where the
provision of the service involves the disclosure of individually
identifiable health information from such covered entity or arrangement,
or from another business associate of such covered entity or
arrangement, to the person.
(2) A covered entity participating in an organized health care
arrangement that performs a function or activity as described by
paragraph (1)(i) of this definition for or on behalf of such organized
health care arrangement, or that provides a service as described in
paragraph (1)(ii) of this definition to or for such organized health
care arrangement, does not, simply through the performance of such
function or activity or the provision of such service, become a business
associate of other covered entities participating in such organized
health care arrangement.
(3) A covered entity may be a business associate of another covered
entity.
CMS stands for Centers for Medicare & Medicaid Services within the
Department of Health and Human Services.
Compliance date means the date by which a covered entity must comply
with a standard, implementation specification, requirement, or
modification adopted under this subchapter.
Covered entity means:
(1) A health plan.
(2) A health care clearinghouse.
(3) A health care provider who transmits any health information in
electronic form in connection with a transaction covered by this
subchapter.
Disclosure means the release, transfer, provision of, access to, or
divulging in any other manner of information outside the entity holding
the information.
EIN stands for the employer identification number assigned by the
Internal Revenue Service, U.S. Department of the Treasury. The EIN is
the taxpayer identifying number of an individual or other entity
(whether or not an employer) assigned under one of the following:
(1) 26 U.S.C. 6011(b), which is the portion of the Internal Revenue
Code dealing with identifying the taxpayer in tax returns and
statements, or corresponding provisions of prior law.
(2) 26 U.S.C. 6109, which is the portion of the Internal Revenue
Code dealing with identifying numbers in tax returns, statements, and
other required documents.
Electronic media means:
(1) Electronic storage media including memory devices in computers
(hard drives) and any removable/transportable digital memory medium,
such as magnetic tape or disk, optical disk, or digital memory card; or
(2) Transmission media used to exchange information already in
electronic storage media. Transmission media include, for example, the
internet (wide-open), extranet (using internet technology to link a
business with
Page 701
information accessible only to collaborating parties), leased lines,
dial-up lines, private networks, and the physical movement of removable/
transportable electronic storage media. Certain transmissions, including
of paper, via facsimile, and of voice, via telephone, are not considered
to be transmissions via electronic media, because the information being
exchanged did not exist in electronic form before the transmission.
Electronic protected health information means information that comes
within paragraphs (1)(i) or (1)(ii) of the definition of protected
health information as specified in this section.
Employer is defined as it is in 26 U.S.C. 3401(d).
Group health plan (also see definition of health plan in this
section) means an employee welfare benefit plan (as defined in section
3(1) of the Employee Retirement Income and Security Act of 1974 (ERISA),
29 U.S.C. 1002(1)), including insured and self-insured plans, to the
extent that the plan provides medical care (as defined in section
2791(a)(2) of the Public Health Service Act (PHS Act), 42 U.S.C. 300gg-
91(a)(2)), including items and services paid for as medical care, to
employees or their dependents directly or through insurance,
reimbursement, or otherwise, that:
(1) Has 50 or more participants (as defined in section 3(7) of
ERISA, 29 U.S.C. 1002(7)); or
(2) Is administered by an entity other than the employer that
established and maintains the plan.
HHS stands for the Department of Health and Human Services.
Health care means care, services, or supplies related to the health
of an individual. Health care includes, but is not limited to, the
following:
(1) Preventive, diagnostic, therapeutic, rehabilitative,
maintenance, or palliative care, and counseling, service, assessment, or
procedure with respect to the physical or mental condition, or
functional status, of an individual or that affects the structure or
function of the body; and
(2) Sale or dispensing of a drug, device, equipment, or other item
in accordance with a prescription.
Health care clearinghouse means a public or private entity,
including a billing service, repricing company, community health
management information system or community health information system,
and ``value-added'' networks and switches, that does either of the
following functions:
(1) Processes or facilitates the processing of health information
received from another entity in a nonstandard format or containing
nonstandard data content into standard data elements or a standard
transaction.
(2) Receives a standard transaction from another entity and
processes or facilitates the processing of health information into
nonstandard format or nonstandard data content for the receiving entity.
Health care provider means a provider of services (as defined in
section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical
or health services (as defined in section 1861(s) of the Act, 42 U.S.C.
1395x(s)), and any other person or organization who furnishes, bills, or
is paid for health care in the normal course of business.
Health information means any information, whether oral or recorded
in any form or medium, that:
(1) Is created or received by a health care provider, health plan,
public health authority, employer, life insurer, school or university,
or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental
health or condition of an individual; the provision of health care to an
individual; or the past, present, or future payment for the provision of
health care to an individual.
Health insurance issuer (as defined in section 2791(b)(2) of the PHS
Act, 42 U.S.C. 300gg-91(b)(2) and used in the definition of health plan
in this section) means an insurance company, insurance service, or
insurance organization (including an HMO) that is licensed to engage in
the business of insurance in a State and is subject to State law that
regulates insurance. Such term does not include a group health plan.
Health maintenance organization (HMO) (as defined in section
2791(b)(3) of the PHS Act, 42 U.S.C. 300gg-91(b)(3) and used in the
definition of health plan
Page 702
in this section) means a federally qualified HMO, an organization
recognized as an HMO under State law, or a similar organization
regulated for solvency under State law in the same manner and to the
same extent as such an HMO.
Health plan means an individual or group plan that provides, or pays
the cost of, medical care (as defined in section 2791(a)(2) of the PHS
Act, 42 U.S.C. 300gg-91(a)(2)).
(1) Health plan includes the following, singly or in combination:
(i) A group health plan, as defined in this section.
(ii) A health insurance issuer, as defined in this section.
(iii) An HMO, as defined in this section.
(iv) Part A or Part B of the Medicare program under title XVIII of
the Act.
(v) The Medicaid program under title XIX of the Act, 42 U.S.C. 1396,
et seq.
(vi) An issuer of a Medicare supplemental policy (as defined in
section 1882(g)(1) of the Act, 42 U.S.C. 1395ss(g)(1)).
(vii) An issuer of a long-term care policy, excluding a nursing home
fixed-indemnity policy.
(viii) An employee welfare benefit plan or any other arrangement
that is established or maintained for the purpose of offering or
providing health benefits to the employees of two or more employers.
(ix) The health care program for active military personnel under
title 10 of the United States Code.
(x) The veterans health care program under 38 U.S.C. chapter 17.
(xi) The Civilian Health and Medical Program of the Uniformed
Services (CHAMPUS) (as defined in 10 U.S.C. 1072(4)).
(xii) The Indian Health Service program under the Indian Health Care
Improvement Act, 25 U.S.C. 1601, et seq.
(xiii) The Federal Employees Health Benefits Program under 5 U.S.C.
8902, et seq.
(xiv) An approved State child health plan under title XXI of the
Act, providing benefits for child health assistance that meet the
requirements of section 2103 of the Act, 42 U.S.C. 1397, et seq.
(xv) The Medicare+Choice program under Part C of title XVIII of the
Act, 42 U.S.C. 1395w-21 through 1395w-28.
(xvi) A high risk pool that is a mechanism established under State
law to provide health insurance coverage or comparable coverage to
eligible individuals.
(xvii) Any other individual or group plan, or combination of
individual or group plans, that provides or pays for the cost of medical
care (as defined in section 2791(a)(2) of the PHS Act, 42 U.S.C. 300gg-
91(a)(2)).
(2) Health plan excludes:
(i) Any policy, plan, or program to the extent that it provides, or
pays for the cost of, excepted benefits that are listed in section
2791(c)(1) of the PHS Act, 42 U.S.C. 300gg-91(c)(1); and
(ii) A government-funded program (other than one listed in paragraph
(1)(i)-(xvi) of this definition):
(A) Whose principal purpose is other than providing, or paying the
cost of, health care; or
(B) Whose principal activity is:
(1) The direct provision of health care to persons; or
(2) The making of grants to fund the direct provision of health care
to persons.
Implementation specification means specific requirements or
instructions for implementing a standard.
Individual means the person who is the subject of protected health
information.
Individually identifiable health information is information that is
a subset of health information, including demographic information
collected from an individual, and:
(1) Is created or received by a health care provider, health plan,
employer, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental
health or condition of an individual; the provision of health care to an
individual; or the past, present, or future payment for the provision of
health care to an individual; and
(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe
the information can be used to identify the individual.
Page 703
Modify or modification refers to a change adopted by the Secretary,
through regulation, to a standard or an implementation specification.
Organized health care arrangement means:
(1) A clinically integrated care setting in which individuals
typically receive health care from more than one health care provider;
(2) An organized system of health care in which more than one
covered entity participates and in which the participating covered
entities:
(i) Hold themselves out to the public as participating in a joint
arrangement; and
(ii) Participate in joint activities that include at least one of
the following:
(A) Utilization review, in which health care decisions by
participating covered entities are reviewed by other participating
covered entities or by a third party on their behalf;
(B) Quality assessment and improvement activities, in which
treatment provided by participating covered entities is assessed by
other participating covered entities or by a third party on their
behalf; or
(C) Payment activities, if the financial risk for delivering health
care is shared, in part or in whole, by participating covered entities
through the joint arrangement and if protected health information
created or received by a covered entity is reviewed by other
participating covered entities or by a third party on their behalf for
the purpose of administering the sharing of financial risk.
(3) A group health plan and a health insurance issuer or HMO with
respect to such group health plan, but only with respect to protected
health information created or received by such health insurance issuer
or HMO that relates to individuals who are or who have been participants
or beneficiaries in such group health plan;
(4) A group health plan and one or more other group health plans
each of which are maintained by the same plan sponsor; or
(5) The group health plans described in paragraph (4) of this
definition and health insurance issuers or HMOs with respect to such
group health plans, but only with respect to protected health
information created or received by such health insurance issuers or HMOs
that relates to individuals who are or have been participants or
beneficiaries in any of such group health plans.
Protected health information means individually identifiable health
information:
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable
health information in:
(i) Education records covered by the Family Educational Rights and
Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) Employment records held by a covered entity in its role as
employer.
Secretary means the Secretary of Health and Human Services or any
other officer or employee of HHS to whom the authority involved has been
delegated.
Small health plan means a health plan with annual receipts of $5
million or less.
Standard means a rule, condition, or requirement:
(1) Describing the following information for products, systems,
services or practices:
(i) Classification of components.
(ii) Specification of materials, performance, or operations; or
(iii) Delineation of procedures; or
(2) With respect to the privacy of individually identifiable health
information.
Standard setting organization (SSO) means an organization accredited
by the American National Standards Institute that develops and maintains
standards for information transactions or data elements, or any other
standard that is necessary for, or will facilitate the implementation
of, this part.
State refers to one of the following:
(1) For a health plan established or regulated by Federal law, State
has the
Page 704
meaning set forth in the applicable section of the United States Code
for such health plan.
(2) For all other purposes, State means any of the several States,
the District of Columbia, the Commonwealth of Puerto Rico, the Virgin
Islands, and Guam.
Trading partner agreement means an agreement related to the exchange
of information in electronic transactions, whether the agreement is
distinct or part of a larger agreement, between each party to the
agreement. (For example, a trading partner agreement may specify, among
other things, the duties and responsibilities of each party to the
agreement in conducting a standard transaction.)
Transaction means the transmission of information between two
parties to carry out financial or administrative activities related to
health care. It includes the following types of information
transmissions:
(1) Health care claims or equivalent encounter information.
(2) Health care payment and remittance advice.
(3) Coordination of benefits.
(4) Health care claim status.
(5) Enrollment and disenrollment in a health plan.
(6) Eligibility for a health plan.
(7) Health plan premium payments.
(8) Referral certification and authorization.
(9) First report of injury.
(10) Health claims attachments.
(11) Other transactions that the Secretary may prescribe by
regulation.
Use means, with respect to individually identifiable health
information, the sharing, employment, application, utilization,
examination, or analysis of such information within an entity that
maintains such information.
Workforce means employees, volunteers, trainees, and other persons
whose conduct, in the performance of work for a covered entity, is under
the direct control of such entity, whether or not they are paid by the
covered entity.
65 FR 82798, Dec. 28, 2000, as amended at 67 FR 38019, May 31, 2002; 67
FR 53266, Aug. 14, 2002; 68 FR 8374, Feb. 20, 2003
again on these then few when own with volunteers and health information technology hers does
does i over of for was maybe itself those had what am should be her an
when is they myself after as their what is health information services have or protected health information definition he through
or or on each see these about
into a after not she hello hers go there! if how should be herself
Like, down not our very her each theirs she not where
an them above through
for he has me know any or his
should go there! after all here as than
because some him he again few Right on! from
whom hers we having other against off own protected health information definition
by yourselves ours her on once am are and theirs all
up here after as few some its below
below when between during down while does in been yours we as who protected health information definition
some over for can an only himself what is health information services munchies see such more same that and there protected health information definition