Lately, there’s been a lot of buzz about Protected Health Information (PHI), especially with concerns arising over what’s permissible to disclose. (Think vaccine status, anyone?) Let’s delve into precisely what constitutes protected health information and what doesn’t. Additionally, as technology progresses and electronic medical records become prevalent, a new category called electronic PHI (ePHI) has emerged, warranting exploration.

PHI: Under HIPAA regulations, PHI encompasses “any identifiable health information utilized, maintained, stored, or transmitted by a HIPAA-covered entity.” These entities typically include healthcare providers, insurance providers, or associates of HIPAA-covered entities, such as subcontracted services like medical coding companies.

As a result, any data linked to your health, whether it's test results, medical history, or personal identifiers like your name or Social Security number, is classified as PHI. Health information that includes one or more of the identifiers listed below is PHI and must be secured in accordance with the HIPAA Privacy Rule.

There are 18 specific categories of patient identifiers:

  • Names
  • Dates (excluding the year)
  • Telephone numbers
  • Geographic data
  • Fax numbers
  • Social Security numbers
  • Email addresses
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers
  • Web URLs
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full-face photos and comparable images
  • Biometric identifiers (e.g., fingerprints, retinal scans)
  • Any unique identifying number or code

ePHI: ePHI functions similarly to PHI but encompasses information created, stored, or transmitted electronically. This includes systems operating with cloud databases or transmitting patient information via email. To ensure protection, specialized security measures such as encryption and secure backup are imperative. Several high-profile breaches of ePHI in recent years have resulted in substantial financial penalties ranging from six to seven figures.

Exceptions: Certain types of information do not fall under HIPAA rules as PHI or ePHI, and it’s crucial to recognize these exceptions. Sometimes, any medical-related information is erroneously grouped under PHI when it shouldn’t be. To ascertain whether information qualifies as PHI, consider the following guidelines:

  • Who recorded the information? If self-recorded, such as on a smartwatch or app, it typically isn’t covered by HIPAA unless linked to a healthcare provider or insurance plan.
  • Is the information part of your education or employment records? Since entities of this nature aren’t subject to HIPAA, information stored in these records—such as employer-kept allergy or vaccination records—isn’t considered PHI.
  • Does it contain identifiers? If information is devoid of identifiers, as is often the case in population health or research data, it ceases to be classified as PHI.

The healthcare landscape relies heavily on information—comprising records, histories, forms, demographics, and reports. Managing HIPAA-compliant electronic forms can be a daunting task without the right partner. With virtual and telehealth communications becoming increasingly common, the electronic handling of sensitive ePHI is more vital than ever. Tectonic works with our health and life sciences customers to ensure that such data is safeguarded, user-friendly, and consistently secure.
