This document was developed to assist the state agencies of Ohio in understanding the obligations imposed by the Health Insurance Portability and Accountability Act (HIPAA). The State of Ohio provides no guarantee of accuracy or warranties of any kind. Utilization of this information is at the sole risk of the user. As with any matter of law, independent legal counsel should be consulted regarding compliance with the requirements of HIPAA.

45 CFR Cites



160.103

   

Guide to the HIPAA Privacy Rule
[45 CFR Parts 160 and 164]

1. DEFINITIONS [see 160.103, 160.302, 164.501 for other definitions]:


160.103
   
1.1.
Covered Entity (CE) means a health plan, a health care clearinghouse, or a health care provider that transmits any health information in electronic form relating to any covered transaction.
 
1.1.1.
Health plan means an individual plan or group plan that provides, or pays the cost of, medical care [NOTE: includes the Medicaid or Medicare programs].
 
1.1.2.
Health care clearinghouse means an entity that processes health information received in a nonstandard format into a standard format, or processes health information received in a standard format into a nonstandard format for another entity.
 
1.1.3.
Health care provider means a provider of medical or health services and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.

164.501
   
1.2.
Protected Health Information (PHI) means individually identifiable information relating to the past, present or future physical or mental health or condition of an individual, provision of health care to an individual, or the past, present or future payment for health care provided to an individual. PHI excludes:
 
1.2.1.
Individually identifiable health information in education records covered by the Family Educational Rights and Privacy Act (20 U.S.C. 1232g);
 
1.2.2.
Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
 
1.2.3.
Employment records held by a CE in its role as employer.

160.103
   
1.3.
Individually Identifiable Health Information is information that is a subset of health information, including demographic information collected from an individual, and:
1.3.1.
Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
1.3.2.
Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
1.3.2.1.
That identifies the individual; or
1.3.2.2.
With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

164.502(g)
   
1.4.
Personal Representative means a person who has authority under applicable law to make decisions related to health care on behalf of an adult or an emancipated minor, or the parent, guardian, or other person acting in loco parentis who is authorized under law to make health care decisions on behalf of an unemancipated minor, except where the minor is authorized by law to consent, on his/her own or via court approval, to a health care service, or where the parent, guardian or other person acting in loco parentis has assented to an agreement of confidentiality between the provider and the minor.

   
1.5.
Treatment, Payment and Health Care Operations (TPO) includes all of the following:

164.501
   
 
1.5.1.
Treatment means the provision, coordination or management of health care and related services, consultation between providers relating to an individual or referral of an individual to another provider for health care.

164.501
   
 
1.5.2.
Payment means activities undertaken to obtain or provide reimbursement for health care, including determinations of eligibility or coverage, billing, collections activities, medical necessity determinations and utilization review.

164.501
   
 
1.5.3.
Health care operations includes functions such as: quality assessment and improvement activities, reviewing competence or qualifications of health care professionals, conducting or arranging for medical review, legal services and auditing functions, business planning and development, and general business and administrative activities.

164.501
   
1.6.
Covered Functions means those functions of a CE, the performance of which make the entity a health plan, a health care clearinghouse or a health care provider.

164.504(a)
   
1.7.
Hybrid Entity means a single legal entity that is a CE whose business activities include both covered and non-covered functions and that designates health care components in accordance with 164.504(c)(3)(iii) [¶ 10.3.3.3.].

164.501
   
1.8.
Designated Record Set means a group of records maintained by or for a CE that is: the medical and billing records relating to an individual maintained by or for a health care provider; the enrollment, payment, claims adjudication and case or medical management systems maintained by or for a health plan; or used, in whole or part, by or for a CE to make decisions about individuals.

160.103
   
1.9.
Business Associate (BA) means a person or entity who, on behalf of the CE, and other than in the capacity of a workforce member: performs or assists in the performance of a function or activity that involves the use or disclosure of PHI; or provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services.

160.103
   
1.10.
Workforce means employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a CE, is under the direct control of such entity, whether or not they are paid by the entity.

164.501
   
1.11.
Health Oversight Agency means a governmental agency or authority, or a person or entity acting under a grant of authority from or a contract with such public agency, including the employees or agents of the public agency, its contractors and those to whom it has granted authority, that is authorized by law to oversee the public or private health care system or government programs in which health information is necessary to determine eligibility or compliance, or to enforce civil rights for which health information is relevant.

164.501
   
1.12.
Public Health Authority means a governmental agency or authority, or a person or entity acting under a grant of authority from or a contract with such public agency, including the employees or agents of the public agency, its contractors and those to whom it has granted authority, that is responsible for public health matters as part of its official mandate.

164.501
   
1.13.
Indirect Treatment Relationship means a relationship between an individual and a health care provider in which the health care provider delivers health care to the individual based on the orders of another health care provider and the health care provider typically provides services or products, or reports the diagnosis or results associated with the health care, directly to another health care provider, who provides the services or products or reports to the individual.

164.501
   
1.14.
Research means a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge.

164.501
   
1.15.
Health Care Operations means any of the following activities of the covered entity to the extent that the activities are related to covered functions:
 
1.15.1.
Conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives; and related functions that do not include treatment;
 
1.15.2.
Reviewing the competence or qualifications of health care professionals, evaluating practitioner and provider performance, health plan performance, conducting training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers, training of non-health care professionals, accreditation, certification, licensing, or credentialing activities;
 
1.15.3.
Underwriting, premium rating, and other activities relating to the creation, renewal or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to claims for health care (including stop-loss insurance and excess of loss insurance), provided that the requirements of § 164.514(g) [¶ 3.6] are met, if applicable;

 
1.15.4.
Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs;

 
1.15.5.
Business planning and development, such as conducting cost-management and planning-related analyses related to managing and operating the entity, including formulary development and administration, development or improvement of methods of payment or coverage policies; and

 
1.15.6.
Business management and general administrative activities of the entity, including, but not limited to:

1.15.6.1.
Management activities relating to implementation of and compliance with the requirements of this subchapter;
1.15.6.2.
Customer service, including the provision of data analyses for policy holders, plan sponsors, or other customers, provided that protected health information is not disclosed to such policy holder, plan sponsor, or customer;
1.15.6.3.
Resolution of internal grievances;
1.15.6.4.
The sale, transfer, merger, or consolidation of all or part of the CE with another CE, or an entity that following such activity will become a CE and due diligence related to such activity; and
1.15.6.5.
Consistent with the applicable requirements of § 164.514 [¶ 3.10], creating de-identified health information, or a limited data set, and fundraising for the benefit of the covered entity.

164.501
   
1.16.
Law Enforcement Official means a public employee from any branch of government who is empowered by law to investigate a potential violation of the law or to prosecute, or otherwise conduct a criminal, civil, or administrative proceeding arising from an alleged violation of law.
     
 
     
