HIPAA’s Privacy Rule protects all “individually identifiable health information” held or transmitted by a Covered Entity, no matter what form it is in. HIPAA applies whether a person’s health information is held or disclosed electronically, orally, or in written form.
A person’s health information is often referred to as Protected Health Information (PHI). PHI is any information in the medical record or designated record set that can be used to identify an individual and that was created, used or disclosed in the course of providing a health care service. This covers information that relates to:
- a person’s past, present or future physical or mental health conditions
- any health care provided to a person (e.g. clinical notes or lab results related to a person’s medical care)
- past, present, or future payments related to a person’s health care (e.g. billing records)
In other words, this is information created or stored by healthcare providers, insurers and healthcare providers’ Business Associates.
HIPAA also covers demographic data and any information that can be used to identify a person, such as names, addresses, date of birth, telephone numbers, Social Security numbers, full face photos and comparable images, and patient account numbers.
Educate staff to secure PHI and maintain constant awareness of protecting patient privacy, just as they would want from their own doctor’s offices.
HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). ANATOMY_IT can provide you peace of mind with our expert HIPAA compliance services.