Protected Health Information (PHI) is made up of all of the various data on patient identifiable information and health information. This includes any information (oral and recorded) created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse that relates to the past, present, or future physical or mental health or condition of any individual, or the past or future payment for the provision of health care to an individual.
- Protected Health Information includes but is not limited to:
- Medical records
- Patient history
- Treatment records
- Tests and results
- Progress reports
- X-rays, MRIs and results
- Claims, Payments, & Eligibility
- Health plan insurance Data
- Patient identifying information; Name, Address, Dates related to an individual, Phone and fax numbers, Email address, Social Security number, Medical records number, Health plan beneficiary number, Account number, Certificate/license number, Any vehicle or other device serial number, Device identifiers or serial numbers, Web URL, IP address, Finger or voice prints, Photographic images, Any other characteristic that would uniquely identify an individual
For more information visit HHS.gov
How to Share PHI Safely
Extensive care should be taken when sharing electronic health records. Information should never be disclosed when it is not necessary to satisfy a particular purpose or carry out a function. With proper protocols and training, you clinic should be able address workflow problem areas, and maintain patient confidentiality. In any case where PHI needs to be shared, try to adhere to some of the following guidelines.
- Use encrypted methods for sending PHI whenever possible
- Have a designated HIPAA lead in the office
- Train staff to know the difference between necessary and unnecessary transfer of PHI
- Make sure patient records are stored securely (digital and paper), and access to them is restricted to necessary personnel only
- Ensure your staff is using strong passwords and that no applications with access to PHI are left open when unattended
- Control third-party vendor access and ensure any outside organizes your practice works with follow HIPAA regulations
- Choose an EHR that is HIPAA compliant
Maintaining the necessary workflows and training to ensure compliance and security can be tough. Comprehensive Urgent Care software solutions - like those integrated with UrgiChart - help make this easier with automated notifications and security checks when transferring or viewing PHI. Curious how your clinic stacks up? Contact us to learn the best practices we deploy with UrgiChart.
Remember to make sure your practice is in compliance by understanding the rules and regulations set forth by the HHS. Resources for further learning on this blog’s topic: