Individually identifiable information, including demographic information and genetic information, related to the past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for such health care.

If I need access to PHI to carry out my job duties, then I'm allowed to access PHI under certain conditions and limitations under this standard.

UBA must disclose PHI when HHS requires disclosure to investigate or determine UBA's compliance with these laws.

If I sell PHI or PI to any source, then UBA may take this action if it determines that my sale is major misconduct.

This is who I call first if the U.S. Dept. of Health and Human Services (HHS) comes knocking on UBA's door.

A type of data set from which all direct identifiers (from a list) are removed regarding the individual and the individual's relatives, employers, and household members. This type of data set is PHI.

As a plan participant, I may ask for the plan to take this action, if I want changes made to my PHI in my designated record set.

UBA must provide PHI to an individual or an individual's representative under these conditions.

If I release PHI or PI without proper authorization, then UBA may take this action if it determines that my disclosure is serious misconduct.

This is who I call with questions about UBA's privacy policy.

Information that is no longer PHI because it has been changed using either the expert determination method or safe harbor method.

As a plan participant, I may ask for this type of list, if I want a list of certain disclosures of my PHI that the plan has made in the last 6 years.

Documents that UBA is required to implement to guide staff and business associates on UBA's compliance with the HIPAA privacy regulations.

UBA has this type of policy that prevents UBA and its staff from intimidating, threatening, coercing, discriminating against, or taking any adverse action against someone who exercises rights or participates in processes established by the HIPAA privacy regulations.

This is who I call if I think there is a breach of unsecured PHI.

UBA uses these records to make decisions about an individual, including medical, claims, and billing records and enrollment, payment, claims adjudication, and case or medical management records systems maintained by or for a health plan.

UBA takes this action in response to a person making a request for PHI, before UBA makes a disclosure permitted by the privacy regulations.

The number of years that UBA maintains its privacy policy documents such as authorizations, revocations, complaints and their disposition, and contents of accounting of disclosures provided.

If documents are under a litigation hold, then I should not do this to the documents until UBA's President, General Counsel, or Director of Compliance releases the litigation hold.

This is who I call if I receive an individual's Authorization to Release Information.

When UBA maintains records in its capacity as this type of entity, the records are not protected health information (PHI).

UBA may keep documents beyond their routine retention period if the documents are potentially relevant to this type of event.

The action that UBA must take when UBA discovers, or by using due diligence, should have known about an unauthorized acquisition, access, use, or disclosure of PHI which compromises the security or privacy of unsecured PHI.

When UBA is a business associate, I cannot use or disclose PHI beyond what this document provides or requires, within the bounds of the privacy regulations and other federal and state laws.

After reviewing Appendix A in the privacy policy, this is who I call if the category or type of PHI or PI required to carry out my job duties needs to be updated.