Protected Health Information (PHI) exists in multiple forms: electronic (ePHI), verbal, and written. The same standards of privacy apply to all types.
How can you protect protected health information?
In general terms, you could explain that you secure patient information by:
- Encrypting PHI at rest and in transit (if that is the case).
- Only storing PHI on internal systems protected by firewalls.
- Storing charts in secure locations where they can only be accessed by authorized individuals.
How is protected patient information stored?
Examples of how to keep PHI secure: If PHI is in a place where patients or others can see it, cover or move it. If you work with PHI on your desk or on a computer, make sure no one can walk up behind you without knowing it. When PHI is not in use, store it in a locking office or a locking file cabinet.
What is not considered protected health information?
Examples of health data that is not considered PHI:
- Number of steps in a pedometer.
- Number of calories burned.
- Blood sugar readings without personally identifiable user information (PII), such as an account or user name.
When can you use or disclose protected health information?
Covered entities may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen the threat (including the target of the threat).
Can you talk about a patient without saying their name?
HIPAA violation: yes. However, even without mentioning names, one must keep in mind that if a patient can identify themselves in what you write, this may be a violation of HIPAA. HIPAA violation: potentially yes, if someone can identify that it is them and prove it.
What is the punishment for HIPAA violation?
The minimum fine for willful violations of HIPAA Rules is $50,000. The maximum criminal penalty for a HIPAA violation by an individual is $250,000. Restitution may also need to be paid to the victims. In addition to the financial penalty, a jail term is likely for a criminal violation of HIPAA Rules.