Chapter 1 - Introduction to the Fundamentals of Law

21st Century Cures Act

A US federal law enacted in 2016 that promotes interoperability, patient access to electronic health information (EHI), and prohibits information blocking

access

the ability or right to retrieve, view, use, or obtain information, such as a patient's right to access their health record

American Recovery and Reinvestment Act of 2009 (ARRA)

a federal law designed to stimulate the economy that included major funding for health IT, including the HITECH Act

business record

a document created and maintained in the normal course of business that may be used as evidence in legal proceedings

confidentiality

the obligation to protect personal health information from unauthorized access or disclosure

custodian

an individual or organization responsible for the care, maintenance, and protection of records, such as a healthcare provider holding patient records

custodianship

the responsibility for managing, safeguarding, and maintaining records on behalf of another party, typically the patient

cybersecurity

the practice of protecting systems, networks, and data from digital attacks, unauthorized access, or damage

data governance

a framework of policies, roles, and standards that ensures data is accurate, available, secure, and used appropriately

data security

the protection of data from unauthorized access, breaches, alteration, or destruction through administrative, physical, and technical safeguards

data stewardship

the ethical and responsible management of data to ensure quality, integrity, privacy, and appropriate use

disclosure

the release, transfer, or sharing of health information outside the entity holding the record

electronic health information (EHI)

health information stored or transmitted electronically that relates to an individual's health, healthcare, or payment for care

electronic health record (ehr)

a comprehensive digital record of a patient's health information that is designed to be shared across healthcare settings

electronic medical record (EMR)

a digital version of a patient's medical chart within a single healthcare organization

electronic protected health information (ePHI)

protected health information that is created, stored, transmitted, or received electronically

General Data Protection Regulation (GDPR)

A European Union regulation that governs the collection, processing, and protection of personal data and grants individuals strong privacy rights

health information exchange (hie)

the electronic sharing of health information among healthcare organizations to improve care coordination and outcomes

Health Information Technology for Economic and Clinical Health Act (HITECH)

a federal law that promotes the adoption and meaningful use of EHRs and strengthens HIPAA privacy and security requirements

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

a federal law that establishes national standards for protecting the privacy and security of health information

health record

a collection of health information about a patient that documents care, treatment, and health status

hybrid health record

a health record that contains both paper-based and electronic components

information governance

a coordinated approach to managing information across an organization to support compliance, quality, security, and effective use

information security

the protection of information from unauthorized access, use, disclosure, disruption, modification, or destruction

information stewardship

the responsibility to manage and protect information ethically and in compliance with laws, policies, and standards

The Joint Commission

an independent accrediting organization that evaluates and accredits healthcare organizations to ensure quality and safety standards

law

a system of rules established by governing authorities to regulate behavior and maintain order in society

ownership

the legal right to control property; in healthcare, providers typically own the physical record, while patients own the information contained within it

patient portal

a secure online application that allows patients to access their health information and communicate with healthcare providers

personal health record (PHR)

a health record maintained and managed by the individual patient, often using electronic tools

primary data source

the original source where data are first collected, such as the patient or the point of care documentation

private law

law that governs relationships between individuals or organizations, such as contract or tort law

privileged communication

information shared in a protected relationship that cannot be disclosed without permission

privacy

the right of individuals to control how their personal information is collected, used, and disclosed

protected health information (PHI)

individually identifiable health information that is protected under HIPAA

public law

law that governs relationships between individuals and the government, including criminal and administrative law

secondary data source

data collected from existing records or databases for purposes other than direct patient care, such as research or quality improvement

security

measures taken to protect information and systems from unauthorized access, damage, or misuse

steward

an individual responsible for overseeing and protecting data or information resources

stewardship

the ethical and responsible management and protection of information or data

system security

safeguards designed to protect information systems, including hardware, software, and networks

use

the internal application or utilization of information within an organization for purposes such as treatment, payment, or operations