HIPAA
Compliance
Health Insurance Portability and Accountability Act, a US federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information. HIPAA includes the Privacy Rule (who can access PHI), the Security Rule (technical safeguards required), and the Breach Notification Rule (what to do if data is compromised). Any healthcare provider or vendor handling patient data must comply.
Related terms
PHI (Protected Health Information)
Any individually identifiable health information held or transmitted by a covered entity or its business associates, in any form (electronic, paper, or oral). PHI includes 18 specific identifiers such as names, dates, phone numbers, email addresses, Social Security numbers, and medical record numbers when connected to health data.
Covered Entity
Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Covered entities must comply with all HIPAA regulations including the Privacy Rule, Security Rule, and Breach Notification Rule. Most healthcare practices using digital intake forms are covered entities.
BAA (Business Associate Agreement)
A legally binding contract between a HIPAA covered entity (like a healthcare provider) and a business associate (like a software vendor) that establishes permitted uses and disclosures of protected health information (PHI). A BAA is required before any vendor can handle PHI on behalf of a covered entity.