PHI in healthcare stands for protected health information, but it is a term that is both vague and general. As a result, it can cause understandable confusion for both patients and healthcare providers.
It is a term that is generally connected to conversations about the Health Insurance Portability and Accountability Act (HIPAA), a piece of legislation designed to protect the private healthcare and medical information of patients.
What Is PHI in Healthcare?
When it comes to the protected healthcare information protected by HIPAA, the following areas are covered:
- Demographic information
- Medical history
- Results of medical testing
- Health insurance information
- Any identifying information that connects a patient to a healthcare service or healthcare coverage provider
Essentially, any information that connects a person to a medical issue through testing, treatment, doctors’ notes, or other areas must be protected.
This not only means that sharing that information with other sources is off limits without the consent of the patient, but also that great care must be taken when transmitting medical records lawfully over email or other means, so they are not lost, hacked, or inadvertently fall into hands that were not the intended recipients of that information.
It also means ensuring that the patient always has the ability to access these same records and the option to request revisions as appropriate.
How to Protect Healthcare Information Under HIPAA
Healthcare providers, health insurance providers, their business associates, and those responsible for the transportation of PHI are all accountable for the protection of this information.
In order to do this lawfully, it is necessary to do the following:
- Get authorization to disclose protected health information from the patient, usually in the form of a consent contract or waiver.
- Get permission from the patient to access privilege to protected health information that was generated in other offices, facilities, or organizations.
- Avoid the destruction of protected health information that may stop the patient from having full and complete access to their medical records and healthcare information.
- Gain authorization to use and disclose protected health information to anyone but the patient, including concerned family members. Even admitting that a patient is receiving treatment and has records to access at a medical facility is not allowed unless the individual person has been approved by the patient.
It is important to note a few things in regard to the protection of personal medical information.
All authorizations to share information needs to be in writing and kept on file. If the patient decides to revoke authorization at any point, they will need to update the information, even if it is a court decision, such as in the case of divorce or loss of legal child custody.
It may also be of interest to note that HIPAA laws no longer protect an individual once it has been 50 years since their death.
If you need assistance managing a HIPAA claim made against you or pending litigation, contact Florida Healthcare Law Firm for assistance today.