HHS.

A community health management information system.

Health statistics collection agency.

Government agency

Insurance Company.

A covered entity must apply disciplinary sanctions against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity.

A covered entity need not train all members of its workforce whose functions are materially affected by a change in policy or procedure.

A covered entity must designate, and document, a contact person responsible for receiving acknowledgements of Notice of Privacy Practice.

A covered entity may require individuals to waive their rights.

A covered entity must provide maximum safeguards for PHI from any intentional or unintentional use or disclosure that is in violation of the regulations and to limit incidental uses and disclosures made pursuant to permitted or required use or disclosure.

It can be used for the payment of provider claims.

It can be used to pay for insurance products (either individual or group premiums).

It can function solely as a remittance advice.

Electronic Funds Transfer is fully supported.

This transaction can carry either summary or detailed remittance information.

Limited 1o the minimum necessary to accomplish the intended purpose.

Left to the professional judgment and discretion of the requestor.

Controlled totally by the requestor's pre-existing authorization document.

Governed by industry "best practices" regarding use

Left in force for eighteen (18) years.

Optionally, they might develop a mechanism of accounting for all disclosures of PHI for purposes other than TPO.

They must redesign their offices, workspaces, and storage systems to afford maximum protection to PHI from intentional and unintentional use and disclosure.

They must develop methods for disclosing only the minimum amount of protected information necessary to accomplish any intended purpose

They must obtain a "top secret" security clearance for all member of their workforce

They must identify business associates that need to use PHI to accomplish their function and develop authorization forms to allow PHI to be shared with these business associates

Premium Payment.

Health Care Claim.

First Report of Injury.

Health Plan Enrollment and Dis-enrollment.

Coordination of Benefits.

A coveted entity must change its policies and procedures to comply with HIPPP regulations, standards, and implementation specifications.

A covered entity must reasonably safeguard PHI from any intentional or unintentional use or disclosure that is in violation of the regulations.

A covered entity must provide a process for individuals to make complaints concerning privacy issues.

A covered entity must document all complaints received regarding privacy issues.

The Privacy Rule requires that the covered entity has a documented security policy.

Security information such as a fingerprint.

Privacy information.

Information on all business associates.

Information on all health care clearinghouses.

Identifiers.

Integrity Controls

Emergency Access Procedure

Access Control and Validation Procedures

Security Reminders

Security Policy

Annual Audits

Claims Management

Salary disbursement to the workforce having direct treatment relationships.

Life Insurance underwriting

Cash given to the pharmacist for the purchase of an over-the-counter drug medicine