A HIPAA Glossary,
A - D
(Updated June 19, 2002)
This glossary has been compiled, with our thanks,
by contributor Zon Owen of the Hawaii
Medical Service Association (HMSA).
HIPAAdvisory.com invites your recommendations for additions or
modifications, to support industry efforts to develop a standardized
healthcare information security and privacy vocabulary.
Contents
Part I (A HIPAA Glossary) gives general definitions and
explanations of HIPAA-related terms and acronyms.
Part II (HIPAA Administrative
Simplification Final Rule Definitions) shows all definitions
included in the final HIPAA A/S rules.
Part III (Purpose &
Maintenance) is self-explanatory.
Part I: HIPAA Glossary & Acronyms
Please note that whenever a definition occurs in both
Part I and Part II, the Part II entry will be the more legally
compelling one.
AAHomecare: See the American Association for Homecare.
Accredited Standards Committee (ASC): An organization that
has been accredited by ANSI for the development of American
National Standards.
ACG: Ambulatory Care Group.
ACH: See Automated Clearinghouse.
ADA: See the American Dental Association.
ADG: Ambulatory Diagnostic Group.
Administrative Code Sets: Code sets that characterize
a general business situation, rather than a medical condition or
service. Under HIPAA, these are sometimes referred to as non-clinical
or non-medical code sets. Compare to medical code sets.
Administrative Services Only (ASO): An arrangement whereby
a self-insured entity contracts with a Third Party Administrator
(TPA) to administer a health plan.
Administrative Simplification (A/S): Title II, Subtitle
F, of HIPAA, which gives HHS the authority to mandate the use of
standards for the electronic exchange of health care data;
to specify what medical and administrative code sets
should be used within those standards; to require the use
of national identification systems for health care patients, providers,
payers (or plans), and employers (or sponsors); and to specify the
types of measures required to protect the security and privacy of
personally identifiable health care information. This is also the
name of Title II, Subtitle F, Part C of HIPAA.
AFEHCT: See the Association for Electronic Health Care
Transactions.
AHA: See the American Hospital Association.
AHIMA: See the American Health Information Management
Association.
AMA: See the American Medical Association.
Ambulatory Payment Class (APC): A payment type for outpatient
PPS claims.
Amendment: See Amendments and Corrections.
Amendments and Corrections: In the final privacy rule, an
amendment to a record would indicate that the data is in dispute
while retaining the original information, while a correction to
a record would alter or replace the original record.
American Association for Homecare (AAHomecare): An industry
association for the home care industry, including home IV therapy,
home medical services and manufacturers, and home health providers.
AAHomecare was created through the merger of the Health Industry
Distributors Association’s Home Care Division (HIDA Home Care),
the Home Health Services and Staffing Association (HHSSA), and the
National Association for Medical Equipment Services (NAMES).
American Dental Association (ADA): A professional organization
for dentists. The ADA maintains a hardcopy dental claim form
and the associated claim submission specifications, and also maintains
the Current Dental Terminology (CDT™) medical code set.
The ADA and the Dental Content Committee (DeCC), which
it hosts, have formal consultative roles under HIPAA.
American Health Information Management Association (AHIMA):
An association of health information management professionals.
AHIMA sponsors some HIPAA educational seminars.
American Hospital Association (AHA): A health care industry
association that represents the concerns of institutional providers.
The AHA hosts the NUBC, which has a formal consultative
role under HIPAA.
American Medical Association (AMA): A professional organization
for physicians. The AMA is the secretariat of the NUCC,
which has a formal consultative role under HIPAA. The AMA
also maintains the Current Procedural Terminology (CPT™)
medical code set.
American Medical Informatics Association (AMIA): A professional
organization that promotes the development and use of medical informatics
for patient care, teaching, research, and health care administration.
American National Standards (ANS): Standards developed and
approved by organizations accredited by ANSI.
American National Standards Institute (ANSI): An organization
that accredits various standards-setting committees, and monitors
their compliance with the open rule-making process that they must
follow to qualify for ANSI accreditation. HIPAA prescribes that
the standards mandated under it be developed by ANSI-accredited
bodies whenever practical.
American Society for Testing and Materials (ASTM): A standards
group that has published general guidelines for the development
of standards, including those for health care identifiers. ASTM
Committee E31 on Healthcare Informatics develops standards on information
used within healthcare.
AMIA: See the American Medical Informatics Association.
ANS: See American National Standards.
ANSI: See the American National Standards Institute.
Also see Part II, 45 CFR 160.103.
APC: See Ambulatory Payment Class.
A/S, A.S., or AS: See Administrative Simplification.
ASC: See Accredited Standards Committee.
ASCA: Administrative Simplification Compliance Act.
ASO: See Administrative Services Only.
ASS (Administrative Simplification Section, Administrative Simplification
Standards): See Administrative Simplification.
Application Service Provider (ASP): Essentially rents hardware
server space for software applications to end-users. In an ASP model
of delivery, software applications are delivered as services, rather
than products, as in traditional licensing models. Accordingly,
ASPs run and maintain software applications on behalf of the
end-user, who then accesses them over the Internet or through a
virtual private network (VPN).
ASPIRE: AFEHCT's Administrative Simplification Print
Image Research Effort work group.
Association for Electronic Health Care Transactions (AFEHCT):
An organization that promotes the use of EDI in the health
care industry.
ASTM: See the American Society for Testing and Materials.
Automated Clearinghouse (ACH): See Health Care Clearinghouse.
| B |
BA: See Business Associate.
BBA: The Balanced Budget Act of 1997.
BBRA: The Balanced Budget Refinement Act of 1999.
BCBSA: See the Blue Cross and Blue Shield Association.
Biometric Identifier: An identifier based on some physical
characteristic, such as a fingerprint.
Blue Cross and Blue Shield Association (BCBSA): An association
that represents the common interests of Blue Cross and Blue Shield
health plans. The BCBSA serves as the administrator
for the Health Care Code Maintenance Committee and also helps
maintain the HCPCS Level II codes.
BP: See Business Partner.
Business Associate (BA): A person or organization that performs
a function or activity on behalf of a covered entity, but
is not part of the covered entity’s workforce.
A business associate can also be a covered entity
in its own right. Also see Part II, 45 CFR 160.103.
Business Model: A model of a business organization or process.
Business Partner (BP): See Business Associate.
Business Relationships:
- The term agent is often used to describe a person or
organization that assumes some of the responsibilities of another
one. This term has been avoided in the final rules so that a more
HIPAA-specific meaning could be used for business associate.
The term business partner (BP) was originally used for
business associate.
- A Third Party Administrator (TPA) is a business associate
that performs claims administration and related business functions
for a self-insured entity.
- Under HIPAA, a health care clearinghouse is a business
associate that translates data to or from a standard format
on behalf of a covered entity.
- The HIPAA Security NPRM used the term Chain of Trust Agreement
to describe the type of contract that would be needed to extend
the responsibility to protect health care data across a series
of subcontractual relationships.
- While a business associate is an entity that performs
certain business functions for you, a trading partner is
an external entity, such as a customer, that you do business with.
This relationship can be formalized via a trading partner agreement.
It is quite possible to be a trading partner of an entity
for some purposes, and a business associate of that entity
for other purposes.
| C |
Cabulance: A taxi cab that also functions as an ambulance.
CBO: Congressional Budget Office or Cost Budget Office.
CDC: See the Centers for Disease Control and Prevention.
CDT™: See Current Dental Terminology.
CE: See Covered Entity.
CEFACT: See United Nations Centre for Facilitation of
Procedures and Practices for Administration, Commerce, and Transport
(UN/CEFACT).
CEN: European Center for Standardization, or Comite Europeen
de Normalisation.
Centers for Disease Control and Prevention (CDC): An organization
that maintains several code sets included in the HIPAA standards,
including the ICD-9-CM codes.
Centers for Medicare & Medicaid Services (CMS): (formerly
known as HCFA) the HHS agency responsible for Medicare
and parts of Medicaid. CMS has historically maintained the
UB-92 institutional EMC format specifications, the professional
EMC NSF specifications, and specifications for various certifications
and authorizations used by the Medicare and Medicaid programs. CMS
also maintains the HCPCS medical code set and
the Medicare Remittance Advice Remark Codes administrative code
set.
Center for Healthcare Information Management (CHIM): A health
information technology industry association.
CFR or C.F.R.: Code of Federal Regulations.
Chain of Trust (COT): A term used in the HIPAA Security
NPRM for a pattern of agreements that extend protection of health
care data by requiring that each covered entity that shares
health care data with another entity require that that entity provide
protections comparable to those provided by the covered entity,
and that that entity, in turn, require that any other entities with
which it shares the data satisfy the same requirements.
CHAMPUS: Civilian Health and Medical Program of the Uniformed
Services.
CHIM: See the Center for Healthcare Information Management.
CHIME: See the College of Healthcare Information Management
Executives.
CHIP: Child Health Insurance Program.
CIO: Chief Information Officer.
CISO: Chief Information Security Officer.
Claim Adjustment Reason Codes: A national administrative
code set that identifies the reasons for any differences, or
adjustments, between the original provider charge for a claim or
service and the payer’s payment for it. This code set
is used in the X12 835 Claim Payment & Remittance Advice
and the X12 837 Claim transactions, and is maintained by
the Health Care Code Maintenance Committee.
Claim Attachment: Any of a variety of hardcopy forms or
electronic records needed to process a claim in addition to the
claim itself.
Claim Medicare Remark Codes: See Medicare Remittance
Advice Remark Codes.
Claim Status Codes: A national administrative code set
that identifies the status of health care claims. This code set
is used in the X12 277 Claim Status Notification transaction,
and is maintained by the Health Care Code Maintenance Committee.
Claim Status Category Codes: A national administrative
code set that indicates the general category of the status of
health care claims. This code set is used in the X12 277
Claim Status Notification transaction, and is maintained by the
Health Care Code Maintenance Committee.
Clearinghouse: See Health Care Clearinghouse.
CLIA: Clinical Laboratory Improvement Amendments.
Clinical Code Sets: See Medical Code Sets.
CM: See ICD.
CMS: See Centers for Medicare & Medicaid Services.
COB: See Coordination of Benefits.
Code Set: Under HIPAA, this is any set of codes used to
encode data elements, such as tables of terms, medical concepts,
medical diagnostic codes, or medical procedure codes. This includes
both the codes and their descriptions. Also see Part II, 45 CFR
162.103.
Code Set Maintaining Organization: Under HIPAA, this is
an organization that creates and maintains the code sets
adopted by the Secretary for use in the transactions for
which standards are adopted. Also see Part II, 45 CFR 162.103.
College of Healthcare Information Management Executives (CHIME):
A professional organization for health care Chief Information
Officers (CIOs).
Comment: Public commentary on the merits or appropriateness
of proposed or potential regulations provided in response to an
NPRM, an NOI, or other federal regulatory notice.
Common Control: See Part II, 45 CFR 164.504.
Common Ownership: See Part II, 45 CFR 164.504.
Compliance Date: Under HIPAA, this is the date by which
a covered entity must comply with a standard, an implementation
specification, or a modification. This is usually 24
months after the effective date of the associated final rule
for most entities, but 36 months after the effective date
for small health plans. For future changes in the standards,
the compliance date would be at least 180 days after the
effective date, but can be longer for small health plans
and for complex changes. Also see Part II, 45 CFR 160.103.
Computer-based Patient Record Institute (CPRI) - Healthcare
Open Systems and Trials (HOST): An industry organization that
promotes the use of healthcare information systems, including electronic
healthcare records.
Contrary: See Part II, 45 CFR 160.202.
Coordination of Benefits (COB): A process for determining
the respective responsibilities of two or more health plans
that have some financial responsibility for a medical claim. Also
called cross-over.
CORF: Comprehensive Outpatient Rehabilitation Facility.
Correction: See Amendments and Corrections.
Correctional Institution: See Part II, 45 CFR 162.103.
COT: See Chain of Trust.
Covered Entity (CE): Under HIPAA, this is a health plan,
a health care clearinghouse, or a health care provider
who transmits any health information in electronic form in connection
with a HIPAA transaction. Also see Part II, 45 CFR 160.103.
Covered Function: Functions that make an entity a health
plan, a health care provider, or a health care clearinghouse.
Also see Part II, 45 CFR 164.501.
CPRI-HOST: See the Computer-based Patient Record Institute
- Healthcare Open Systems and Trials.
CPT™: See Current Procedural Terminology.
Cross-over: See Coordination of Benefits.
Cross-walk: See Data Mapping.
Current Dental Terminology (CDT™): A medical code set,
maintained and copyrighted by the ADA, that has been selected
for use in the HIPAA transactions.
Current Procedural Terminology (CPT™): A medical code
set, maintained and copyrighted by the AMA, that has
been selected for use under HIPAA for non-institutional and non-dental
professional transactions.
| D |
Data Aggregation: See Part II, 45 CFR 164.501.
Data Condition: A description of the circumstances in which
certain data is required. Also see Part II, 45 CFR 162.103.
Data Content: Under HIPAA, this is all the data elements
and code sets inherent to a transaction, and not related
to the format of the transaction. Also see Part II, 45 CFR 162.103.
Data Content Committee (DCC): See Designated Data Content
Committee.
Data Council: A coordinating body within HHS that
has high-level responsibility for overseeing the implementation
of the A/S provisions of HIPAA.
Data Dictionary (DD): A document or system that characterizes
the data content of a system.
Data Element: Under HIPAA, this is the smallest named unit
of information in a transaction. Also see Part II, 45 CFR 162.103.
Data Interchange Standards Association (DISA): A body that
provides administrative services to X12 and several other
standards-related groups.
Data Mapping: The process of matching one set of data
elements or individual code values to their closest equivalents
in another set of them. This is sometimes called a cross-walk.
Data Model: A conceptual model of the information needed
to support a business function or process.
Data-Related Concepts:
- Clinical or Medical Code Sets identify medical
conditions and the procedures, services, equipment, and supplies
used to deal with them. Non-clinical or non-medical
or administrative code sets identify or characterize entities
and events in a manner that facilitates an administrative process.
- HIPAA defines a data element as the smallest unit of
named information. In X12 language, that would be a simple
data element. But X12 also has composite data elements,
which aren’t really data elements, but are groups
of closely related data elements that can repeat as a group.
X12 also has segments, which are also groups of related
data elements that tend to occur together, such as street
address, city, and state. These segments can sometimes
repeat, or one or more segments may be part of a loop that
can repeat. For example, you might have a claim loop that occurs
once for each claim, and a claim service loop that occurs once
for each service included in a claim. An X12 transaction
is a collection of such loops, segments, etc. that supports a
specific business process, while an X12 transmission is
a communication session during which one or more X12 transactions
are transmitted. Data elements and groups may also be combined
into records that make up conventional files, or into the tables
or segments used by database management systems, or DBMSs.
- A designated code set is a code set that has been
specified within the body of a rule. These are usually medical
code sets. Many other code sets are incorporated into
the rules by reference to a separate document, such as an implementation
guide, that identifies one or more such code sets.
These are usually administrative code sets.
- Electronic data is data that is recorded or transmitted
electronically, while non-electronic data would be everything
else. Special cases would be data transmitted by fax and audio
systems, which is, in principle, transmitted electronically, but
which lacks the underlying structure usually needed to support
automated interpretation of its contents.
- Encoded data is data represented by some identification
or classification scheme, such as a provider identifier or a procedure
code. Non-encoded data would be more nearly free-form,
such as a name, a street address, or a description. Theoretically,
of course, all data, including grunts and smiles, is encoded.
- For HIPAA purposes, internal data, or internal
code sets, are data elements that are fully specified
within the HIPAA implementation guides. For X12 transactions,
changes to the associated code values and descriptions must be
approved via the normal standards development process, and can
only be used in the revised version of the standards affected.
X12 transactions also use many coding and identification schemes
that are maintained by external organizations. For these
external code sets, the associated values and descriptions
can change at any time and still be usable in any version of the
X12 transactions that uses the associated code set.
- Individually identifiable data is data that can be readily
associated with a specific individual. Examples would be a name,
a personal identifier, or a full street address. If life were simple,
everything else would be non-identifiable data. But even
if you remove the obviously identifiable data from a record, other
data elements present can also be used to re-identify
it. For example, a birth date and a zip code might be sufficient
to re-identify half the records in a file. The re-identifiability
of data can be limited by omitting, aggregating, or altering such
data to the extent that the risk of it being re-identified
is acceptable.
- A specific form of data representation, such as an X12 transaction,
will generally include some structural data that is needed
to identify and interpret the transaction itself, as well as the
business data content that the transaction is designed
to transmit. Under HIPAA, when an alternate form of data collection
such as a browser is used, such structural or format-related
data elements can be ignored as long as the appropriate
business data content is used.
- Structured data is data the meaning of which can be inferred
to at least some extent based on its absolute or relative location
in a separately defined data structure. This structure could be
the blocks on a form, the fields in a record, the relative positions
of data elements in an X12 segment, etc. Unstructured
data, such as a memo or an image, would lack such clues.
Data Set: See Part II, 45 CFR 162.103.
Data Use Agreement: See Part II, 45 CFR 164.514.e.4.
A data use agreement is an agreement between a covered entity and
the recipient of a limited data set. This agreement must establish
the permitted uses and disclosures of the information, establish
who is permitted to use or receive the limited data set, and provide
that the limited data set recipient will:
- Not use or further disclose the information other than as permitted
by the data use agreement or as otherwise required by law;
- Use appropriate safeguards to prevent use or disclosure of the
information other than as provided for by the data use agreement;
- Report to the covered entity any use or disclosure of the information
not provided for by its data use agreement of which it becomes
aware;
- Ensure that any agents, including a subcontractor, to whom it
provides the limited data set agree to the same restrictions
and conditions that apply to the limited data set recipient with
respect to such information; and
- Not identify the information or contact the individuals.
DCC: See Data Content Committee.
D-Codes: A subset of the HCPCS Level II medical code
set with a high-order value of "D" that has been used to identify
certain dental procedures. The final HIPAA transactions and code
sets rule states that these D-codes will be dropped from
the HCPCS, and that CDT codes will be used to identify
all dental procedures.
DD: See Data Dictionary.
DDE: See Direct Data Entry.
DeCC: See Dental Content Committee.
Dental Content Committee (DeCC): An organization, hosted
by the American Dental Association, that maintains the data
content specifications for dental billing. The Dental Content
Committee has a formal consultative role under HIPAA for all
transactions affecting dental health care services.
Descriptor: The text defining a code in a code set.
Also see Part II, 45 CFR 162.103.
Designated Code Set: A medical code set or an administrative
code set that HHS has designated for use in one or more
of the HIPAA standards.
Designated Data Content Committee or Designated DCC: An
organization which HHS has designated for oversight of the
business data content of one or more of the HIPAA-mandated transaction
standards.
Designated Record Set: See Part II, 45 CFR 164.501.
Designated Standard: A standard which HHS
has designated for use under the authority provided by HIPAA.
Designated Standard Maintenance Organization (DSMO): See
Part II, 45 CFR 162.103.
DHHS: See HHS.
DICOM: See Digital Imaging and Communications in Medicine.
Digital Imaging and Communications in Medicine (DICOM): A
standard for communicating images, such as x-rays, in a digitized
form. This standard could become part of the HIPAA claim
attachments standards.
Direct Data Entry (DDE): Under HIPAA, this is the direct
entry of data that is immediately transmitted into a health plan’s
computer. Also see Part II, 45 CFR 162.103.
Direct Treatment Relationship: See Part II, 45 CFR 164.501.
DISA: See the Data Interchange Standards Association.
Disclosure: Release or divulgence of information by an entity
to persons or organizations outside of that entity. Also see Part
II, 45 CFR 164.501.
Disclosure History: Under HIPAA this is a list of any entities
that have received personally identifiable health care information
for uses unrelated to treatment and payment.
DME: Durable Medical Equipment.
DMEPOS: Durable Medical Equipment, Prosthetics, Orthotics,
and Supplies.
DMERC: See Medicare Durable Medical Equipment Regional
Carrier.
Draft Standard for Trial Use (DSTU): An archaic term for
any X12 standard that has been approved since the most recent
release of X12 American National Standards. The current equivalent
term is "X12 standard".
DRG: Diagnosis Related Group.
DSMO: See Designated Standard Maintenance Organization.
DSTU: See Draft Standard for Trial Use.