What is Protected Health Information (PHI)?
PHI is any information that can be used to identify a patient whether living or deceased that relates to the patient’s past, present or future, physical or mental health, or condition. Including healthcare services provided and payment for those services.
Access to medical information is restricted among employees. Employees may only have access to PHI only when necessary to perform their job-related duties.
The improper use or disclosure of sensitive information presents the risk of identity theft, invasion of privacy, and can cause harm and embarrassment to patients and their families.
Example of PHI:
- Patient names
- Date of Birth, SSNs
- Demographic information to include addresses, phone numbers, email addresses, etc.
- Medical/Dental/Pharmaceutical Diagnoses
- Vehicle identifiers
- Certificate/License Numbers (R.N., M.D., P.E., and others)
- Full Face Photographs or Images
- Credit Card or Bank Information
- Health Plan Beneficiary Numbers
So what happens when there’s a potential for a breach of confidentiality? HIPAA violations are enforced by the Department of Health and Human Services (HHS). However, pursuant to HITECH, state attorneys general are also permitted to bring civil actions and recover monetary awards that may be shared with harmed individuals. Should you feel that your protected health information may have been shared or inappropriately accessed by anyone (by any medical personnel) please report it immediately to your medical facilities’ Privacy Officer. Still have questions? Feel free to call and ask to speak to Family Health Centers’ Privacy Officer.