Accounting of Disclosures: A listing of all disclosures made by UConn Health of a patient’s PHI in the six years prior to the date on which the accounting is requested by the patient. See policy #2003-18 Accounting of Disclosures of PHI to Patients upon their Request.
Authorization: A release required in writing by the patient (or his/her representative) for all other uses and disclosures of PHI not included in treatment, payment or healthcare operations, such as when a patient requests his/her records for use outside of UConn Health. See policy #2003-16 Authorization for Release of Information and associated form.
Business Associates: Persons or entities who act on behalf of UConn Health in performing a function or activity involving the use or disclosure of individually identifiable health information. See policy #2003-04 Business Associates Contracts.
De-identification: Health information, both medical and dental that does not identify an individual. If there is no reasonable basis to believe that the information can be used to re-identify an individual, the information is not individually identifiable health information. See policy #2003-29 Creation, Use and Disclosure of De-Identified Protected Health Information (Privacy and Security of Protected Health Information (PHI)) and associated form.
Designated record set: A group of records maintained by or for UConn Health, that is: (a) the medical records and billing records about a patient; and/or (b) used in whole or in part, by or for UConn Health, to make decisions about a patient. For purposes of this definition, the term “record” means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for UConn Health. See policy #2012-06 Designated Record Set.
Disclosure: means with respect to individually identifiable health information, both medical and dental: the release, transfer, provision of access to, or divulging in any other manner of information.
Fundraising: is defined as the organized activity of raising funds for an organizational cause. See policy #2003-06 HIPAA Fundraising Compliance Policy.
Health care operations (medical and dental) means any of the following activities:
- Conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives; and related functions that do not include treatment;
- Reviewing the competence or qualifications of health care professionals, evaluating practitioner and provider performance, conducting training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers, training of non-health care professionals, accreditation, certification, licensing, or credentialing activities;
- Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs; Business planning and development; Business management and general administrative activities
Health Insurance Portability and Accountability Act (HIPAA): A federal law, the intent of which is to protect the privacy and security of patient health information, both medical and dental that is created or maintained by health care providers.
Individually Identifiable Health information (IIHI): A subset of health information, both medical and dental, including demographic and financial information collected from an individual, and:
- Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
- Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care, both medical and dental to an individual; or the past, present, or future payment for the provision of health care, both medical and dental to an individual which:
- Identifies the individual
- Or causes reasonable belief that such information can be used to identify the patient.
Marketing: Communication about a product or service that encourages recipients of the communication to purchase or use the product or service. See policy #2003-05 HIPAA Marketing Compliance.
Minimum Necessary: The minimum amount of PHI, both medical and dental, necessary to accomplish any intended purpose of a use or disclosure.
Notice of Privacy Practices: A document that provides an individual notice of the uses and disclosures of medical/dental PHI that may be made by UConn Health, and of the patient’s rights and our legal duties with respect to medical/dental PHI. See policy #2014-10 Notice of Privacy Practices: Acknowledgement of Receipt.
Protected Health Information, both medical (including mental health) and dental (PHI): any type of individually identifiable health information, whether electronically maintained, electronically transmitted, or in any other format (i.e. discussed orally, on paper or other media, photographed or otherwise duplicated).
Record: means any item, collection, or grouping of information that includes PHI, both medical (including mental health) and dental and is maintained, collected, used, or disseminated by or for UConn Health.
Required by law: means a mandate contained in law that compels UConn Health to make a use or disclosure of PHI, both medical and dental, and that is enforceable in a court of law. Required by law includes, but is not limited to:
- court orders and court-ordered warrants;
- subpoenas or summons issued by a court, grand jury, a governmental or tribal inspector general, or an administrative body authorized to require the production of information;
- a civil or an authorized investigative demand;
- Medicare conditions of participation with respect to health care, both medical and dental providers participating in the program; and
- statutes or regulations that require the production of information, including statutes or regulations that require such information if payment is sought under a government program providing public benefits.
Research: means a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge. See policy #2003-28 Use and Disclosure of PHI for Research Purposes and associated forms.
Sanctions: A consequence given to members of UConn Health’s workforce who fail to comply with UConn Health privacy policies and procedures. See policy #2014-04 Sanctions Policy for Privacy and Security Violations for Faculty and Staff.
Treatment: The provision, coordination, or management of health care, both medical and dental and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.
Use: With respect to individually identifiable health information, both medical and dental: the sharing, employment, application, utilization, examination, or analysis of such information within UConn Health.
Workforce: Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for UConn Health, is under the direct control of UConn Health, whether or not they are paid by UConn Health.
Revised 8/11/2020