Tech & Innovation in Healthcare

Reader Question:

Know All 18 PHI Identifiers

Question: Is there more to protected health information (PHI) than just a patient’s medical record? Is this information actually protected by HIPAA?

Oklahoma Subscriber

Answer: Yes, there is more to patients’ PHI than just the medical record; moreover, a thorough knowledge of what the feds consider PHI is essential to understanding how to protect it — and your practice.

PHI is best defined as “all ‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral,” reminds the HHS Office for Civil Rights in its Privacy Rule guidance.

For instance, to avoid a HIPAA Privacy Rule violation — especially concerning what should not be disclosed on social media sites — it’s a good idea to know what “individually identifiable health information” refers to. Here are 18 things that the HIPAA Privacy Rule identifies as PHI:

1. Name

2. Address

3. Birth date and other corresponding dates of admission, discharge, death, etc.

4. Landline and cellphone numbers

5. Fax numbers

6. Email addresses

7. Social Security Number

8. Medical record number

9. Health plan beneficiary number (i.e. Medicare Beneficiary Identifier)

10. Account number

11. State identification or license number

12. Vehicle identifiers and serial numbers, including license plate numbers

13. Device identifiers and serial numbers

14. URLs

15. IP addresses

16. Biometric identifiers like finger or voice prints

17. Photo or image of patient, specifically the face

18. Any other unique code, characteristic, image, or number that identifies the individual.

Reminder: If one of these 18 identifiers is included in a chat, an email, a social media post, a text, or any other kind of communication, you are revealing “identifiable” information. But the use and disclosure of “de-identified” health information is OK.

Why? According to OCR guidance, “de-identified health information neither identifies nor provides a reasonable basis to identify an individual,” and it has often met two criteria. First, it has been verified by a “qualified statistician”; and second, all “specified identifiers” have been removed, including employer and family information, OCR indicates.

Resource: Review the Privacy Rule summary and more in-depth details on the identifiers and de-identification online at www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html