Learn HIPAA vocabulary for healthcare IT: PHI, covered entities, BAA, de-identification, and security rule terms.
1 / 5
PHI (Protected Health Information) includes:
PHI is any health information that relates to an individual's health status, treatment, or payment and identifies that individual when combined with any of the 18 types of identifiers (name, DOB, zip, etc.).
2 / 5
A Business Associate Agreement (BAA) is required when:
A BAA is a legal contract required by HIPAA when a covered entity (hospital, insurance) shares PHI with a business associate (cloud provider, billing service) that handles PHI on its behalf.
3 / 5
HIPAA de-identification of data requires:
HIPAA Safe Harbor de-identification removes all 18 specified identifiers (name, DOB, geographic data smaller than a state, SSN, etc.) — de-identified data is no longer PHI.
4 / 5
HIPAA's Security Rule applies to:
The HIPAA Security Rule specifically applies to ePHI — it requires covered entities to implement administrative, physical, and technical safeguards to protect electronic health information.
5 / 5
Which is an example of a HIPAA technical safeguard?
Technical safeguards include audit controls, access controls, encryption, and authentication. Audit logging tracks access to ePHI — a core HIPAA technical requirement.