HIPAA Online Homepage

User Type

Quick Links
Privacy Notice

What is

About the
HIPAA Effort

Contact Us

2. Medical Provider Section:
Where is HIPAA-Impacted Data? 

This page lists some places where HIPAA-impacted information and transactions are typically found, relative to the Nebraska DHHS' collaborative efforts with the medical providers.

Note that "HIPAA-Impacted Data" can be defined in a three-tier approach:

  1. Any electronic data used in the 9 standard x12 transactions (member enrollment and data update, premium payment, eligibility, prior authorization for treatment, private practice claims, institutional claims, dental claims, claim status check, and remittance advice) -- These are HIPAA-Transaction Impacted.
  2. Any information about PHI - Protected Health Information (diagnosis, treatment, and payment for treatments) -- are HIPAA-Privacy Impacted.
  3. Any other information that is being stored, received, generated or processed by a "covered entity" in HIPAA -- are HIPAA-Security Impacted.

Also note that HIPAA impacted data can exist in any form!  These include paper, electronic storage (e.g., diskette, CD, tape drive, hard drive), network applications, fax machine, verbal discussions, phone calls, emails, or faxes! 

Data content Location (form, transmission)
-- TAD, Turn-around Document
-- Medical claims - paper, or electronic
-- Care plans
Working sheets (e.g. charts, lab notes) Nursing stations, medical records area, archives, workers' offices
-- Vendor-provided systems, web services
Protected health information transmitted on faxed documents Fax machines
Protected health information transmitted in emails Emails
-- In hard drive storage, on networked applications, mainframe, databases
(and many more places!)  

Be careful of the handling of HIPAA impacted data relative to: Transactions, Privacy and Security.  You may review more of our webpages to learn about how to determine if you have any "HIPAA gaps", and what you can do to minimize your liability.