What is PHI and how is it protected?

Under HIPAA, protected health information is considered to be individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a HIPAA-covered entity in relation to the provision of healthcare, payment for …

What is defined as PHI?

PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.

Does PHI need to be protected?

The test is straightforward: if the device or application you are building records or transmits the user’s personally-identifiable health data held in the app or device and is used by a covered entity in the course of care, then you are dealing with PHI and need to be HIPAA compliant.

What is PHI and examples?

Examples of PHI include: Name. Address (including subdivisions smaller than state such as street address, city, county, or zip code) Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89.

IT IS INTERESTING:  How do you protect your fingers?

What is the best example of PHI?

Examples of PHI

  • Patient names.
  • Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.
  • Dates — Including birth, discharge, admittance, and death dates.
  • Telephone and fax numbers.
  • Email addresses.

Is patient name alone considered PHI?

For example, patient name or email alone can be considered PHI if it is in any way associated with a health condition or treatment—such as in a marketing email coming from your practice advertising a specific treatment to a group of individuals who were selected to receive the email based on their medical history.

What happens if PHI is not safeguarded?

If PHI security is compromised in a healthcare data breach, the notification process is essential. However, the HIPAA breach notification rule states that when unsecured PHI is compromised, then covered entities and their business associates need to notify potentially affected parties.

How do you handle PHI?

Examples of how to keep PHI secure:

  1. If PHI is in a place where patients or others can see it, cover or move it.
  2. If you work with PHI on your desk or on a computer, make sure no one can walk up behind you without knowing it.
  3. When PHI is not in use, store it in a locking office or a locking file cabinet.

When a patient wants a copy of their PHI?

When a patient requests to inspect or obtain a copy of their PHI, you must comply in a timely manner. First, inform the patient you accepted the request and then provide the access no later than 30 days after receiving the request.

IT IS INTERESTING:  Quick Answer: What is an AT&T Secure mail key?

Is IP address considered PHI?

It may be surprising that some of these items are PHI, such as IP addresses, however, the above-listed items are considered “individually identifiable health information.” This means that the information can be directly tied back to a specific patient.

Is a doctor’s name considered PHI?

Examples of PHI include: Billing information from a doctor or clinic. Email to a doctor’s office about a medication or prescription. Health care provider appointment scheduling notes.

Can you talk about a patient without saying their name?

HIPAA violation: yes. However, even without mentioning names one must keep in mind if a patient can identify themselves in what you write about this may be a violation of HIPAA. HIPAA violation: potentially yes if someone can identify it is them and prove it.