You probably already know that Protected Health Information, or PHI as it is more frequently known, is what HIPAA Compliance is all about protecting the sanctity, integrity, and security of.
However, what is PHI? Why is it so crucial that it is kept secret and is only revealed when it is deemed necessary?
Understanding PHI
The HIPAA Privacy Rule grants patients a range of rights with regard to personal health information kept by covered companies and offers federal protections for that information. The Privacy Rule is calibrated so that it allows for the sharing of personal health information when it is necessary for patient treatment and other vital functions.
Any personal health information that was generated, utilised, or disclosed when delivering healthcare services, including a diagnosis or treatment, is considered HIPAA Protected Health Information, or PHI. PHI may consist of:
Healthcare services provided to an individual’s past, present, or future physical health or condition.
Payment made in the past, present, or future for healthcare services provided to a person.
PHI, or personally identifying information, is essentially information about an individual that is found in medical records and is discussed regarding a patient’s care by medical professionals such as doctors and nurses. PHI also includes billing information and any data that could be used to locate a specific person in the files of a health insurance provider.
PHI is typically present in a wide range of documents, forms, and communications, including prescriptions, appointments with a doctor or clinic, MRI or X-ray results, blood test results, billing data, or records of conversations with your doctor or other healthcare professionals.
PHI solely applies to medical data concerning patients or insurance plan participants. It excludes information from records of education and work. Furthermore, PHI is only regarded as PHI if a person might be identified from the data in the record set. The HIPAA Privacy Rule’s limitations on uses and disclosures cease to apply if all identifiers are eliminated from the set, making the information no longer considered to be protected health information.