Departments & Programs,UW Hospital and Clinics,Compliance,Privacy,HIPAA,Protected Health Information (PHI)

TPO: Terms You Should Know

TPO: Terms You Should Know - Departments & Programs, UW Hospital and Clinics, Compliance, Privacy, HIPAA, Protected Health Information (PHI)


Under HIPAA, you do not need patient permission to use or disclose patient information for the everyday activities of Treatment, Payment, and health care Operations (TPO). Here are some common examples of TPO: 



Health Care Operations

In case you are still wondering whether some of your work activities fall under TPO, here are more detailed HIPAA definitions of treatment, payment, and health care operations.

Treatment: Treatment is defined as the provision, coordination, or management of health care and related services by one or more health care providers, and includes:

Payment: Payment means those activities undertaken by a provider to obtain reimbursement for the provision of health care; and those activities undertaken by a health plan to obtain premiums or to fulfill its responsibilities for coverage and the provision of benefits under the plan. Examples of payment activities include:

Health Care Operations: Health Care Operations includes most all other activities necessary to the operation of a covered entity (e.g., health care provider, health plan or clearinghouse). These activities include:

Under HIPAA, you don't have to get patient permission if you are doing any activity that falls under these broad TPO definitions. However, some of you are currently getting permission for certain TPO activities, because state laws or UW Health provider policies require it. 

And this brings up an important point about HIPAA. HIPAA sets a minimum standard for patient privacy. If state law or UW Health providers' own policies require us to do more for patients, then we must do more. So if you are already getting written permission for an activity, keep it up: HIPAA does not remove any of our current patient permission and signature rules. Workers involved with TPO will receive additional HIPAA training.