Patient information is patient identity.
A few years ago, Citibank did a series of commercials on protecting yourself against identity theft highlighting the importance of keeping personal information secure. The commercial, tried to put a funny spin on a situation that in real life is no joke – violation of privacy, loss of money, are just the tip of the iceberg when it comes to identity fraud.
But while credit cards can be stolen, financial information forged – once your health information is public – there’s no taking it back. As we’ve discussed in the first two posts in this series: there is an urgent and pressing need to ensure that the patient’s protected health information (PHI) remains private and secure because patient information is a patient’s identity.
But what makes PHI or ePHI (electronic Protected Health Information) “identifiable”, and what qualifies as PHI/ePHI?
There are a total of 18 things that make health information “identifiable” including name, geography, telephone numbers, social security numbers, biometric identifiers (finger and voice prints), full face photographs and any comparable images to name some. However, in general, PHI includes all individually identifiable health information which relates to the:
- Past, present, or future physical or mental condition of an individual
- Information of the individual varying from a simple phone number to their social security numbers.
- Past, present or future payment for the provision of healthcare to an individual
So this broad definition definitely tells us that the photos and videos patients send their doctors are ePHI – and therefore need to be transmitted through a channel that complies with HIPAA’s high standards for security .
Every rule has its exceptions, right?
Sure. Information that has been de-identified is not longer considered to be ePHI. But what does that mean? De-identified information is information that does not identify an individual, and with respect to which, there is no reasonable basis to believe that the information can be used to identify an individual such as blacking out names, date of birth, or the eyes.
(Created by Rachel Jones of Wink Design Studio using: in-house images and patient image © Wavebreakmedia Ltd | Dreamstime.com)
To read more about PHI/ePHI, visit the HIPAA website here.
At CaptureProof – all PHI in our site is encrypted when stored AND transmitted with the highest industry standards for security because we recognize and respect the privacy of our users. We also want to educate you about best practices – and how Clinicians and their Patients can best ensure they’re taking the appropriate steps to ensure PHI stays private and secure.
On that note, here’s a teaser for next week’s post:
In the midst of the smartphone revolution in healthcare, 89% of healthcare workers use their personal smartphones for work purposes. But is that safe? Next week, we’ll discuss your smartphone, security, and PHI.
#HIPAA #PHI #ePHI #Healthcare #HealthIT #HealthTech