While learning the topic of HIPAA, you must hear the term Protected Health Information (PHI), which refers to protected health information. It is data of demographic character, stored to identify patients of HIPAA Compliant organizations. Details that make information PHI are geographic data, names, numbers, medical records, Social Security numbers, etc.
But that is not everything you need to know. PHI is a more interesting topic than it can seem at the first sight. That’s why we’ve prepared 5 curious facts that probably will surprise you. So, let’s find them out!
Protected Health Information Is Not Always PHI
Confused? We’re going to explain.
People mistakenly consider all information under HIPAA to be PHI, but actually, there are some exclusions.
Everything hangs on the person or device recording health information. For example, we all know that nowadays there are a lot of devices measuring health data such as blood pressure, number of steps per some period, etc. It seems to be obvious that such information should be PHI, but it is true only when a company provider or a developer of a certain device or app is HIPAA Compliant. In case they are not, such health data is not PHI under HIPAA.
Names and Telephone Numbers Are Not Always Considered to be Protected Health Information
For example, when a person calls a certain clinic to make an appointment for the first time, there’s no related information to this patient, such as some medical records, prescriptions, etc. Only when a client passes some treatment, then name and phone number are individual identifiers, which responsible workers attach to a treatment record. And only then it is possible to consider this data as PHI.
Future Health Information Can Also Be Protected
It seems to be hard to understand, as future health data doesn’t exist yet. But this statement is one of the most common delusions. Future health information can contain possible future ways of treatment or their alternatives, possible prescriptions, predictions, etc. In case someone stoles or damages such information, it can cause serious harm to a patient. So, healthcare organizations should store this kind of information as PHI as well as any other personal medical records.
Protected Health Information Can be Discussed
Healthcare providers can’t discuss PHI under HIPAA Privacy Rule, but depending on the situation there are some exceptions. For example, two doctors can discuss a patient’s treatment to achieve the solution of a problem. They should discuss it privately with confidence that nobody can eavesdrop on them. That also concerns discussions between a doctor and a patient’s director. A patient should permit a doctor to talk over PHI. Even if an employer is a mediator between a healthcare plan and a patient and this discussion isn’t about payment, HIPAA doesn’t cover this talk.
PHI Can Be Converted To ePHI
The HIPAA Privacy Rule covers both types of protected health information. The only difference is that healthcare organizations use and store ePHI electronically, for example, in cloud storage or on Electronic Health records. Also, HIPAA Security Rule and HITECH Act refer to ePHI more than to PHI. It means that it is more protected in some aspects.
Conclusions
It is possible to add a lot of curious facts to this list, as this topic is wide enough. There are a lot of nuances and cases to study. Nevertheless, we hope that you’ve learned something new from these facts and extended your knowledge in the field of PHI. We would be glad if you could leave your feedback below. 🙂