Menu

Navigation

What is HIPAA and PHI?

Posted on by Arif Clayton

What is HIPAA and PHI?

HIPAA protected health information (PHI), also known as HIPAA data, is any piece of information in an individual’s medical record that was created, used, or disclosed during the course of diagnosis or treatment that can be used to personally identify them.

How can we protect PHI?

Close your office door when talking to patients. Do not take files or documents PHI out of the office or clinic. Shred PHI when documents or files are no longer needed. When PHI is stored on a computer or storage device, use passwords, anti-virus software, data backups, and encryption.

What are the two main rules of HIPAA?

General Rules

  • Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and.

What qualifies PHI?

PHI is health information in any form, including physical records, electronic records, or spoken information. Therefore, PHI includes health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual identifiers.

Which items are considered PHI?

Examples of PHI Dates — Including birth, discharge, admittance, and death dates. Biometric identifiers — including finger and voice prints. Full face photographic images and any comparable images.

Can I shred PHI at home?

In general, examples of proper disposal methods may include, but are not limited to: For PHI in paper records, shredding, burning, pulping, or pulverizing the records so that PHI is rendered essentially unreadable, indecipherable, and otherwise cannot be reconstructed.

What happens if PHI is not safeguarded?

If PHI security is compromised in a healthcare data breach, the notification process is essential. However, the HIPAA breach notification rule states that when unsecured PHI is compromised, then covered entities and their business associates need to notify potentially affected parties.

https://www.youtube.com/channel/UCA9FWfDU9_SnNl1MCQ-n7zQ