Skip to main content

Tooltip Categories: HIPAA (Health Insurance Portability and Accountability Act)

UNC Health Privacy Office

The UNC Health Privacy Office is the first point of contact for all HIPAA related issues and standards for UNC Health and UNC School of Medicine (SOM). The UNC Health Privacy Office engages in various privacy compliance activities including training and education; policy development; auditing and monitoring; privacy incident investigations; and outreach and consultation on a variety of privacy issues. UNC Health: Privacy Office

Protected Health Information (PHI)

Health information, including demographic data, created or received by a covered entity (such as any UNC Health entity hospital, clinic, department or workforce member of UNC Health or UNC SOM) which relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care by an individual and that identifies or can be used to identify the individual. PHI is classified as Tier 3 information in the UNC-Chapel Hill Information Classification Standard. UNC Health Privacy Office: What is PHI; UNC-Chapel Hill ITS: Information Classification Standard

Privacy

As it applies to the individual/participant, freedom from intrusion into one’s personal matters and information, having control over the extent, timing, and circumstances of sharing oneself physically, behaviorally, or intellectually with others.

Notice of privacy practices

A document provided to health care patients that provides clear explanations of their privacy rights and privacy practices of their health plans and health care providers. Required by the HIPAA Privacy Rule. The Notice of Privacy Practices is intended to focus individual on privacy issues and concerns, and to prompt them to have discussions with their health plans and health care providers and exercise their rights.

Limited dataset

A dataset of Protected Health Information (PHI) from which certain specified direct identifiers (identifier) of individuals and their relatives, household members, and employers have been removed. A limited data set may be used and disclosed for research, health care operations, and public health purposes, provided the recipient enters into a data use agreement promising specified safeguards for the PHI within the limited data set. HIPAA: Summary of the HIPAA Privacy Rule