Iowa Admin. Code r. 641-206.2
For the purposes of this chapter, the following definitions shall apply:
"Advisory council" means the electronic health information advisory council established in Iowa Code section 135.156(2) "a. "
"Board" means the state board of health established in Iowa Code chapter 136.
"Breach " means breach as such term is defined in the HIPAA Privacy Rule.
"Department" means the Iowa department of public health.
"Executive committee " means the executive committee of the electronic health information advisory council established in Iowa Code section 135.156(2) "b. "
"HIPAA " means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, as amended by the HITECH Act, and the regulations promulgated thereunder, including the Privacy Rule, the Security Rule and the Omnibus Final Rule.
"Individual" means a patient or client of a participant.
"Iowa health information network" means the health information exchange operated by the department pursuant to Iowa Code section 135.155.
"Opt out" means to decline to have one's health information exchanged through the Iowa health information network.
"Participant" means an authorized organization or individual that has voluntarily agreed to enter into a participation agreement to access or use the Iowa health information network.
"Participation agreement" means the agreement that is entered into between the department and a participant and prescribes the terms and conditions for access and use of the Iowa health information network.
"Privacy policies and security policies " means the department's rules, regulations, policies and procedures for access to and use of the Iowa health information network, as approved and amended by the executive committee and advisory council and the board, that are posted electronically on the Iowa health information network Web site or otherwise furnished to participants.
"Protected health information " means protected health information as defined in HIPAA that is created, transmitted or received by an authorized participant.
"Provider " means a person or organization that is a health care provider under HIPAA and is licensed or otherwise permitted to provide health care items and services under applicable state law.
"Security incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information available through the Iowa health information network or interference with Iowa health information network operations, including attempted and successful privacy breaches.
Iowa Admin. Code r. 641-206.2