Compliance Standards

What Is Considered PHI (Protected Health Information)?

When you walk into any hospital or private doctor’s office, you’re immediately bombarded by a list of questions. These range from personal questions about your lifestyle and medical history to private questions about your address, insurance, and other information you don’t want to be disclosed. You’d hope, being that there’s a notion of doctor-patient confidentiality, that all this information is handed over in confidence.

And it is. According to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), all this information constitutes protected health information (PHI). The release of vital patient details breaks HIPAA’s Privacy and Security Rules — thus inciting fees and penalties for the healthcare entity.

Some questions to consider when reading ahead: How was this system set up? What is protected health information? And how can healthcare organizations and their business associates offer their patients security and avoid penalties under HIPAA?

When ensuring HIPAA compliance, it is vital to understand what is considered PHI, or Protected Health Information under HIPAA. Where HIPAA is concerned, it is essential that your patient private information, or PPI, is safe and secure. Read on to find out what counts as PHI under HIPAA so you can remain compliant and protect your patients. 

In recent decades, public health agencies and public schools have worked hand in glove, sharing health information about students in order to better understand the broader picture of teens’ overall health. In addition, schools have increasingly sought to give their students more and better health services. Seeing as schools may keep or request sensitive health information from the students or parents, it’s natural to wonder what laws cover the security and privacy of these documents. 

These days, there are two major privacy laws – HIPAA and FERPA – that may or may not cover a student’s health records. Naturally, whether they do or don’t depends on your particular situation. That said, this article will attempt to wade the convoluted mire, illuminating you as to the differences between FERPA vs. HIPAA. Keep reading to discover more! 

Although HIPAA has been impacting the healthcare industry since the late ’90s, far too many businesses still struggle to comply with the various facets of the law. One particular area of weakness for covered entities involves the protection of their patients’ protected health information [PHI]. Time and again, they fail to adequately safeguard the personally identifiable information that has been entrusted to their keeping. Naturally, such lax defenses can result in a host of issues such as data theft, fraud, loss of client trust, fines, and even jail time. 

Over the years, one of the main causes of noncompliance with HIPAA is the result of human error. In most cases, employees unknowingly open up the floodgates to prying eyes or cybercriminals due to a simple lack of understanding, education, or forethought. Although such actions are rarely malicious, ignorance is not an excuse readily accepted by Health and Human Services [HHS]. Therefore, it’s crucial that you ensure that your team members are complying with the rules and regulations of HIPAA.

Check out our HIPAA guidelines for employees here!