Learn Why PHI is Protected under HIPAA
If you work in the health care industry, you are familiar with protected health information (PHI) and have seen the term used repeatedly under the Health Insurance Portability and Accountability Act (HIPAA). PHI is the very thing HIPAA’s Privacy Rule exists to protect, so everyone in the healthcare field should understand what it covers and why.
At TITAN Mobile Shredding, we work with clients in multiple industries, helping ensure that they are fully compliant with all aspects of document preservation and destruction. We also like to go a step further and familiarize our clients and prospects with the applicable laws and their operational implications. Our data destruction specialists stay abreast of the latest regulations and industry-specific norms, and HIPAA is no exception. Read on to learn more about PHI and why it enjoys special protection under HIPAA.
The Basics of PHI and HIPAA Compliance
- Understanding PHI: PHI is individually identifiable health information: information about a person’s past, present or future health, the care they received, or payment for that care, combined with identifiers (personally identifiable information, or PII) that tie it to a specific individual. It covers such information created, received, maintained or transmitted by a HIPAA covered entity or its business associates, in any medium: verbal, written, electronic or otherwise.
Some examples of PHI are:
- Health records, such as blood test results, health histories, or lab reports
- Patients’ names, addresses, phone numbers, dates of birth, and other PII held alongside health information
- Appointments scheduled with doctors’ offices
- Emails exchanged between doctors’ offices and patients about medication or prescriptions
- Billing information sent from doctors to patients
Entities covered under HIPAA include the following (their business associates, such as vendors that handle PHI on their behalf, are bound by the same safeguards):
- Doctors’ offices, nursing homes, dental offices, psychologists
- Clinics, pharmacies, hospitals, home healthcare agencies
- Government agencies/ programs involved in healthcare
- Health plans, insurance companies, health care clearinghouses, Health Maintenance Organizations (HMOs)
Are there exceptions to PHI? Not all health information is PHI. The Privacy Rule applies to individually identifiable health information held by covered entities and their business associates. For example, if you sell wearable devices that track your users’ steps taken, calories burnt, heart rate and so on, and that data is never shared with a HIPAA covered entity or handled on one’s behalf, the Privacy Rule does not apply to it. Health information that has been de-identified under the Privacy Rule’s de-identification standard is also no longer PHI.
Why is PHI protection so critical? A health record that falls into the hands of a fraudster or cybercriminal has many illegitimate uses: identity theft, insurance scams, fraudulent health benefit claims, extortion and more. Medical records are also long-lived: unlike a compromised credit card number, a diagnosis, a Social Security number or a date of birth cannot be reissued. On the dark web, medical records are reported to fetch as much as $1,000 per record, well above the typical rates for other personal or sensitive records.
What is HIPAA’s privacy requirement? HIPAA’s Privacy Rule defines the national standards for protecting PHI in all forms, while its Security Rule establishes the administrative, physical and technical safeguards you must put in place for electronic PHI (ePHI). Civil penalties for non-compliance are tiered by culpability: from $100 per violation where the entity did not know and could not reasonably have known of the violation, through $1,000 per violation for reasonable cause and $10,000 per violation for willful neglect that is corrected promptly, up to $50,000 per violation for uncorrected willful neglect, with each tier capped per violation at $50,000 and subject to an annual cap per identical provision (set at $1.5 million and adjusted for inflation). Knowing misuse of PHI can also bring criminal prosecution, fines and jail time. There is no “accidental” exemption: an impermissible storage or disclosure of PHI is a violation whether or not it was intended. The one safe harbor HIPAA offers is in the Breach Notification Rule: PHI that has been rendered unusable, unreadable or indecipherable to unauthorized persons, either by encryption meeting HHS guidance or by proper destruction (paper shredded, pulped or pulverized so it cannot be reconstructed; electronic media cleared, purged or destroyed in line with NIST SP 800-88), is “secured” PHI, and its loss does not trigger breach notification. That makes both protection in use and verified destruction at end of life critical components of regulatory compliance for covered businesses.
While you may take all the necessary precautions for the preservation and safekeeping of records, remember to apply the same rigor when those records are destroyed. For secure paper shredding and hard drive destruction in line with HIPAA guidelines, rely on the professionals at TITAN Mobile Shredding. As a NAID AAA Certified company, we offer industry-specific solutions that help you remain compliant with the applicable laws. We follow the highest standards of secure disposal and offer a range of services, including routine on-site shredding and hard drive destruction. We also provide media destruction services for X-ray film, diskettes, tapes, CDs, and DVDs.
Call (866) 848-2699 or write to us online to learn more about our meticulous and cost-effective professional shredding plans. Our data destruction specialists can also create a customized shredding program in line with your specific requirements and budget.