Common Privacy Terms

Controller - any person or entity that determines the purposes and means of processing personal data (the "why" and "how"), and is therefore the party primarily accountable for it.

Processor - any person or entity that processes personal data on behalf of, and on the documented instructions of, the controller (e.g. a hosting provider or SaaS vendor).

Personally Identifiable Information (PII) - information that can reasonably be linked to a specific individual, either on its own or combined with other data. Persistent identifiers (account numbers, device or cookie IDs, IP addresses) count even when no name is attached.

Personal Data (EU term, GDPR Art. 4(1)) - any information relating to an identified or identifiable natural person. A person is identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data or an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity. This is broader than most US definitions of PII.

Encryption - transforming readable data (plaintext) into unreadable cipher text (ibid.). This is done with an encryption key, which determines how the data is encoded; only a holder of the corresponding key can reverse the transformation. Encryption protects confidentiality, not availability, and it only helps if the key is kept separate from the data: under HIPAA's breach rules PHI that is properly encrypted is not "unsecured PHI", and GDPR Art. 34(3)(a) likewise waives notifying individuals when the data was rendered unintelligible (e.g. by encryption) and the key was not compromised.
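What "unreadable without the key" means in practice, as an added example that is not part of the original post: a small Go program (standard library only) that encrypts a PII field with AES-256-GCM, then shows that the wrong key and a single flipped bit are both rejected. Key generation and storage are assumed to be handled elsewhere (a KMS or HSM); the fake SSN and the in-memory key are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// EncryptPII seals a plaintext PII field under a 32-byte key with AES-256-GCM.
// Output layout is nonce || ciphertext || authentication tag. A fresh random
// nonce is drawn for every call; reusing a nonce under the same key breaks GCM.
func EncryptPII(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce so the stored record is self-describing.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptPII reverses EncryptPII. It fails if the key is wrong or if any byte
// of the record was modified, because GCM checks the tag before returning data.
func DecryptPII(key, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("record too short to contain a nonce")
	}
	nonce, sealed := record[:gcm.NonceSize()], record[gcm.NonceSize():]
	return gcm.Open(nil, nonce, sealed, nil)
}

func main() {
	// Constructed sample: a randomly generated key and a fake SSN, for illustration only.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ssn := []byte("123-45-6789")

	record, err := EncryptPII(key, ssn)
	if err != nil {
		panic(err)
	}
	fmt.Println("stored record:", hex.EncodeToString(record))

	plain, err := DecryptPII(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypted with the right key:", string(plain))

	wrongKey := make([]byte, 32) // all zeros: a different key
	if _, err := DecryptPII(wrongKey, record); err != nil {
		fmt.Println("wrong key rejected:", err)
	}

	record[len(record)-1] ^= 0x01 // flip one bit of the authentication tag
	if _, err := DecryptPII(key, record); err != nil {
		fmt.Println("tampered record rejected:", err)
	}
}
```

The stored record is hex on disk, but nothing in it (nonce, ciphertext or tag) reveals the SSN; the key is the only thing that does, which is why key custody, not the ciphertext, is what a breach assessment turns on.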

Breach (Data Breach) - unauthorized (and typically unlawful) access to, acquisition, use or disclosure of PII, whether by an outside attacker, a vendor or an insider. Most breach-notification laws start the clock at discovery, not at the intrusion itself, so detection and logging directly affect legal exposure.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

PHI (Protected Health Information) - individually identifiable health information, including demographic data, created or received by a covered entity or business associate, that relates to:
(1)    the individual's past, present or future physical or mental health or condition;
(2)    the provision of health care to the individual; or
(3)    the past, present or future payment for the provision of health care to the individual.
ePHI is PHI held or transmitted in electronic form; the HIPAA Security Rule applies specifically to ePHI.

Business Associates - persons or entities that perform services for or on behalf of a covered entity and create, receive, maintain or transmit PHI in doing so. Services include claims processing, data analysis, accounting, legal, consulting, administrative and financial services, and (since the 2013 Omnibus Rule) cloud and hosting providers that store ePHI. A Business Associate Agreement (BAA) must be in place, and business associates are directly liable for HIPAA Security Rule compliance.

Covered Entities
(1)    Health care providers - those who provide care and transmit health information electronically (not just by email; any electronic channel) in connection with a HIPAA standard transaction such as a claim or eligibility check.
(2)    Health plans - individual and group plans that provide or pay the cost of medical care.
(3)    Health care clearinghouses - entities that convert nonstandard health information into a standard format (or vice versa), e.g. billing services and claims processing intermediaries.
