Categories

• Automation
• Compliance
• Consolidation
• Data Protection
• Networking News
• News
• RAID
• Security News
• Sencilo News
• Storage News
• Uncategorized
• Vendor News
• Virtualization

Archived by Date

• June 2011
• May 2011
• April 2011
• March 2011
• January 2011
• December 2010
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008

HIPAA and HITECH - What is Protected Health Information? - June 2, 2010

Orlando Florida --


The HIPAA rules all speak of “protected health information,” or PHI. What does that really cover? It is important to understand what it is so that you are sure you have the correct protections in place. Let’s explore the definition of PHI a bit here. The rule defines individually identifiable health information as:

Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and…

1. Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and 1. That identifies the individual; or 2. With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

It then goes on to define “protected health information” in this way: Protected health information, or PHI, is individually identifiable health information:

1. Transmitted by electronic media; or

2. Maintained in electronic media; or

3. Transmitted or maintained in any other form or medium.

What that tells us is that it covers health information in ANY form. While the privacy rule applies to the information in any form, the security rule focuses on information that is created and stored electronically, including spoken conversations.

What about De-Identified Information?

The rules do allow for the use of information if it is de-identified. What is important to remember here is that the rule includes several things that must be removed before something is considered de-identified. Here’s the list:

(A) Names;

(B) All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.

(C) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;

(D) Telephone numbers;

(E) Fax numbers;

(F) Electronic mail addresses;

(G) Social security numbers;

(H) Medical record numbers;

(I) Health plan beneficiary numbers;

(J) Account numbers;

(K) Certificate/license numbers;

(L) Vehicle identifiers and serial numbers, including license plate numbers;

(M) Device identifiers and serial numbers;

(N) Web Universal Resource Locators (URLs);

(O) Internet Protocol (IP) address numbers;

(P) Biometric identifiers, including finger and voice prints;

(Q) Full face photographic images and any comparable images; and

(R) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this

Historically, we have faithfully removed all demographic information from the headers of a report, and we have used the words “the patient” when a physician dictates the name of the patient. If you really look at the above list, you will see that it’s much more detailed than that. When a pacemaker is implanted, for example, the physician gives the model number and serial number, right in the middle of the report. With (M) above, that report is not considered de-identified information.

The rule also states that the information must be such that a reasonable person with a statistical background would not be able to figure out the person’s identity. Lastly, it says that the covered entity must not have knowledge that the information could be used, alone or with other information, to identify the person.

It is critical to understand the meaning of PHI and how it applies to your setting. It is also important that all persons involved in the workforce be clear on the definitions. Be sure you have research these rules so you understand them and know how they apply to your work setting.





Sencilo HealthIT Solutions eHealthcare Architecture: More than technology With Sencilo HealthIT Solutions eHealthcare Architecture, you can leverage the same productivity tools and technology resources that have transformed business. And you get a full portfolio of services too. By working with Sencilo HealthIT Solutions, you can get:

A dedicated customer team
A website customized for your institution
A full portfolio of robust solutions
Easy setup, implementation and maintenance
Simple ordering and delivery
Technology training
Flexible financing options


Sencilo HealthIT Solutions Professional Services makes it easy.

In addition to providing high-quality technology at a low cost, Sencilo HealthIT Solutions Professional
Services can help you plan your healthcare computing from the ground up. By working with you from the initial construction phases, we can help you save time and money and lead to a truly customized solution.

Sencilo HealthIT Solutions Professional Services offers complete services that include:
Design
Procurement
Installation
Training
Maintenance
Support

About Us

Sencilo HealthIT Solutions is a Florida-based integrator specializing in EHR Cost Cutting storage, security and managed services solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including Allscripts, VMware, Dell Fujitsu EMC, Hitachi, Symantec, IBM, HP, Cisco, Microsoft, Gateway Sencilo has offices throughout Florida including: Orlando Lake Mary Daytona, Medical City solutions include Security "meaningful use" "meaningful usage" EMC HP IBM Quantum Compliance Gartner Magic Quadrant Quadrent LTO Daytona Beach Deland Melborne Tampa Clearwater, Dragon, Voice Recognition, Dragon Dictation
Network Backup appliance Data Recovery Backup Health IT Healthcare IT Digital Hospital Allscripts Patient Data electronic health record P4P rules and the HITECH Act PayerView Rankings practice management tools $44,000 in Medicare or $66,000 in Medicaid from the American Recovery and Reinvestment Act eClinicalWorks, Allscripts, NextGen, GE Centricity, and Meditech Electronic Healthcare IT Medical Records EHR Clinical Practices eClinicalWorks Allscripts Florida EMR, EHR, electronic medical record, health, records, practice management systems solutions, medication services, PHR Otolaryngology, Orthopaedics, Pain Nuerosurgery, Urology, Ophthalmology, Cardiology, Billing, Appointment Scheduling, clinicalworks, eClinicalWorks, solutions for physicians, hospitals, clinical education and medical services Computerized Patient CPR, Order Entry, CPOE, Document Clinical Information Informatics, Computer-based, SOAP, HIT, Healthcare Encounter Forms, web based, online, clinical rules database, electronic prescribing, e-prescribing, eprescribing, athenaClinicals, certified EMR, certified EHR, HITECH Act VAR Reseller Dealer hipaa privacy doctor, healthcare performance management, data security, hosting, arra, free, InterFAX, MyWay, HIPPA, EasyPayMedicare, MedicAID, SureScripts, FNC, billing, superbill iMedica Tiger on Windows, eprescribe pqri simple practice management revenue cycle e-cw e-clinicalworks greenway emds nextgen ge sage athena epic klas Dragon NaturallySpeaking speech recognition Google Health, Microsoft Healthvault Health Internet certified "meaningful use" violations HealthPresence Health Presence Sencilo “transformative” telemedicine medicaid medicare Seminole County Medical Society Orange county Orlando Medical News Trusted Advisor e-Prescription e-Rx CareTracker paperless scanning document storage hippa audits iscribe document scanning fi-6130 fi-6040 CCHIT ARRA surescript