Tooltip Categories: HIPAA (Health Insurance Portability and Accountability Act)
Institutional Privacy Officer
The individual designated by the institution to lead the mission of the Institutional Privacy Office (IPO) and oversee all ongoing activities related to the development, implementation, and maintenance of the institution’s privacy policies in accordance with applicable federal and state laws.
HIPAA (Health Insurance Portability and Accountability Act)
Collectively, the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009, and their implementing regulations. SMART IRB: Glossary
UNC Health Privacy Office
The UNC Health Privacy Office is the first point of contact for all HIPAA related issues and standards for UNC Health and UNC School of Medicine (SOM). The UNC Health Privacy Office engages in various privacy compliance activities including training and education; policy development; auditing and monitoring; privacy incident investigations; and outreach and consultation on a variety of privacy issues. UNC Health: Privacy Office
Protected Health Information (PHI)
Health information, including demographic data, created or received by a covered entity (such as any UNC Health entity hospital, clinic, department or workforce member of UNC Health or UNC SOM) which relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care by an individual and that identifies or can be used to identify the individual. PHI is classified as Tier 3 information in the UNC-Chapel Hill Information Classification Standard. UNC Health Privacy Office: What is PHI; UNC-Chapel Hill ITS: Information Classification Standard
Privacy board
A board constituted in a manner similar to an Institutional Review Board (IRB), that has authority to implement the HIPAA Privacy Rule as it relates to waivers and alterations of authorization. The UNC-Chapel Hill IRB is the privacy board for all UNC-Chapel Hill Human Subjects Research (HSR). 45 CFR 164.512, Security and Privacy
Privacy
As it applies to the individual/participant, freedom from intrusion into one’s personal matters and information, having control over the extent, timing, and circumstances of sharing oneself physically, behaviorally, or intellectually with others.
Notice of privacy practices
A document provided to health care patients that provides clear explanations of their privacy rights and privacy practices of their health plans and health care providers. Required by the HIPAA Privacy Rule. The Notice of Privacy Practices is intended to focus individual on privacy issues and concerns, and to prompt them to have discussions with their health plans and health care providers and exercise their rights.
Limited dataset
A dataset of Protected Health Information (PHI) from which certain specified direct identifiers (identifier) of individuals and their relatives, household members, and employers have been removed. A limited data set may be used and disclosed for research, health care operations, and public health purposes, provided the recipient enters into a data use agreement promising specified safeguards for the PHI within the limited data set. HIPAA: Summary of the HIPAA Privacy Rule
Institutional Privacy Office (IPO)
Administered by the Division of Institutional Integrity and Risk Management (IIRM), the UNC-Chapel Hill IPO provides centralized oversight and monitoring of compliance with federal and state privacy regulations, as well as general industry privacy standards for restricted or sensitive information collected, used, or retained by the University. UNC-Chapel Hill IIRM: IPO