Electronic protected health information (ePHI) is protected health information (PHI) that is produced, saved, transferred or received in an electronic form. ... This includes identifying and protecting against reasonably anticipated threats to the security or integrity of the information.
What are examples of electronic PHI?
- Name.
- Address (including subdivisions smaller than state such as street address, city, county, or zip code)
- Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89.
What does PHI stand for?
PHI stands for Protected Health Information . The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.
Can PHI be sent electronically?
Answer: The Security Rule does not expressly prohibit the use of email for sending e-PHI. ... The Security Rule allows for e-PHI to be sent over an electronic open network as long as it is adequately protected.
What is considered PHI in EMR?
PHI stands for Protected Health Information and is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.
What is the difference between ePHI and PHI?
Under HIPAA, any information that can be used to identify a patient is considered Protected Health Information (PHI). PHI in electronic form — such as a digital copy of a medical report — is electronic PHI, or ePHI. ... Anything related to health, treatment or billing that could identify a patient is PHI.
What can you do to protect electronic PHI?
If you work with PHI on your desk or on a computer, make sure no one can walk up behind you without knowing it. When PHI is not in use, store it in a locking office or a locking file cabinet . Remove documents from faxes and copiers as soon as you can. Do not talk about patients where others can hear you or in public ...
Why is PHI so important?
PHI is important to individuals and valuable to hackers which makes it vital for organizations to protect. HIPAA lays out all the requirements and safeguards that should be put in place so that each person’s identifiable health information is kept secure from cyber criminals.
What is the best example of PHI?
- Patient names.
- Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.
- Dates — Including birth, discharge, admittance, and death dates.
- Telephone and fax numbers.
- Email addresses.
Is patient name alone considered PHI?
Names, addresses and phone numbers are NOT considered PHI , unless that information is listed with a medical condition, health care provision, payment data or something that states that they were seen at a particular clinic.
What is the safest way to communicate using PHI?
Send PHI as a password protected/encrypted attachment when possible . In the subject heading, do not use patient names, identifiers or other specifics; consider the use of a confidentiality banner such as “This is a confidential medical communication”.
Is PHI only electronic?
ANSWER: The HIPAA security rule technically applies only to electronic protected health information (electronic PHI), which is PHI transmitted by or maintained in electronic media. ... (Further steps, such as encryption of PHI stored on computers, may also be appropriate under the security rule.)
When a patient wants a copy of their PHI?
When a patient requests to inspect or obtain a copy of their PHI, you must comply in a timely manner. First, inform the patient you accepted the request and then provide the access no later than 30 days after receiving the request .
What are the 3 rules of HIPAA?
The HIPAA rules and regulations consists of three major components, the HIPAA Privacy rules, Security rules, and Breach Notification rules .
Who is responsible for protecting PHI?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.
Are initials considered PHI?
HHS Publishes Guidance on How to De-Identify Protected Health Information. ... It notes that derivations of one of the 18 data elements , such as a patient’s initials or last four digits of a Social Security number, are considered PHI.
