Privacy Rule. One such policy includes incidental use and disclosure of confidential health information (also known as Protected Health Information or “PHI”). Per the requirements in the HIPAA Privacy Rule (See 45 CFR 164.530), protect the confidentiality of individually identifiable patient health and financial information from any unauthorized intentional or unintentional use or disclosure.
For clarity, Protected Health Information (PHI) is defined as any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment.
The HIPAA Privacy Rule specifies the following pieces of “Individually Identifiable Information” that, when linked with health or medical information, constitute PHI (45 CFR 164.514):
Names of the individual, and relatives, employers or household members of the individual
Geographic identifiers of the individual, including subdivisions smaller than a state, street addresses, city, country and precinct
Zip code at any level less than the initial three digits; except if the initial 3 digits cover a geographic area of 20,000 or less people, then zip code is considered an identifier
All elements of dates, except year, or dates directly related to an individual including birth date, admission date, discharge date, date of death and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
Telephone numbers
Fax numbers
Electronic mail addresses
Social security numbers
Medical record numbers
Health plan beneficiary numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers
Device identifiers and serial numbers
Web Universal Resource Locators (URLs)
Internet Protocol (IP) address numbers
Biometric identifiers, including finger and voice prints
Full-face photographic images and any comparable images
Any other unique identifying number, characteristic, or code
Failure to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) can result in Civil and Criminal penalties. These civil and criminal penalties can apply to both Covered Entities and Individuals.
If you have questions regarding HIPAA or need help maintaining compliance, please click here to contact Harmony Healthcare International or call them at (800) 530-4413.
