1. Abuse- actions that improperly use another persons resources. 2.

Acknowledgement of Receipt of Notice of Privacy Practices-states that the patient has read the privacy practices and understands how the provider intends to protect the patients right to privacy under HIPAA. 3. ASC X12 Version 5010- updated electronic data standard for transmitting HIPAA X12 documents, such as the HIPAA claim(X12 837), that replaces ASC X12 Version 4010 beginning in January 2012. 1. Audit- formal examination or review, such as review to determine whether an entity is complying with regulation. 2. Breach- impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI in a way that could pose a significant risk of financial, reputational, or other harm to the affected person. 3. Breach notification- document used by a covered entity to notify individuals of a breach in their PHI required under the new HITECH breach notification rules. 4. Business associate- person or organization that requires access to PHI to perform function or activity on behalf of a covered entity but it is not part of its workplace. 5. Centers for Medicare and Medicaid Services (CMS) - the main federal government agency responsible for healthcare. Administers Medicare, Medicaid, and Childrens Health Insurance program. 6. Clearinghouse- Company that processes electronic health information and executes electronic transactions such as insurance verification and claim submission for providers. 7. Code set- alphabetic and/or numeric representations for data; a medical code set is a system of medical terms required for HIPAA transactions. 8. Covered entity- under HIPAA, health plan, clearinghouse, or provider who transmits any health information in electronic form in connection with a HIPAA transaction. 9. Electronic data interchange (EDI) - computer-to-computer exchange of routine business information using publically available electronic standards. 10. Electronic protected health information (ePHI) - is PHI that is created, received, maintained, or transmitted in electronic form. 11. Encryption- the process of converting data into an unreadable format before it is distributed. 12. Fraud- intentional act of deception to take financial advantage of another person. 13. Health Care Fraud and Abuse Control Program- government grogram to uncover misuse of funds in federal health care programs run by the Office of the Inspector General. 14. Health Information Technology for Economic and Clinical Health (HITECH) Act- provisions in the American Recovery and Reinvestment Act (ARRA) of 2009 that extend and reinforce HIPAA and contain new breach notification requirements for covered entities and business associates, guidance on ways to encrypt or destroy PHI to prevent a breach, requirements for informing individuals when a breach occurs, higher monetary penalties for HIPAA violations, and stronger enforcement of the Privacy and Security Rules. 15. HIPAA Electronic Health Care Transactions and Code Sets (TCS) - the HIPAA rule governing the electronic exchange of health information. 16. HIPAA National Identifiers-HIPAA-mandated identification systems for employers, healthcare providers, health plans, and patients; national provider system and employer system are in place; health plan and patient systems have not been created. 17. HIPAA Privacy Rule- law that regulates the use and disclosure of patients protected health information. 18. HIPAA Security Rule- law that requires covered entities to establish administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of health information.

19. National Provider Identifier- under HIPAA, system for identifying all health care providers using unique ten-digit identifiers. 20. Notice of Privacy Practices (NPP) - a HIPAA-mandated documented stating the privacy policies and procedures of a covered entity. 21. Protected health information 22. Release of information (ROI) - process followed by employees of covered entities when releasing patient information. 26. Treatment, payment, and health care operations (TPO) - under HIPAA, three conditions under which patients protected health information may be released without their consent.