Established Contributor
Posts: 1,016
Registered: ‎01-22-2008
Re: Hippa letters

From Fused's HIPAA letter to the OC:


The Privacy Rules prohibits a covered entity from using or disclosing an individual's protected health information ("PHI") unless specifically authorized by the individual or otherwise allowed under the Privacy Rules. In general, PHI encompasses substantially all "individually identifiable health information" that is transmitted or maintained in any medium. "Individually identifiable health information" includes health information that is created or received by a health care provider, health plan, employer, or health care clearinghouse, and that relates to an individual's physical or mental health or condition, including information related to an individual's care or the PAYMENT for such care.


Does that answer your question?