The differences come down to the details. For instance, you must ensure that you are adequately securing patient information, but the measures you take to do so may differ from those of another organization. A security protection that is appropriate for a large hospital is not necessarily appropriate for a private practice. This is why it is important to partner with an experienced HIPAA solution provider. Compliancy Group provides clients with the guidance they need to implement an effective HIPAA compliance program that is appropriate for their specific needs.
What is Protected Health Information?
A key component of understanding HIPAA is understanding what protected health information (PHI) is. This is because much of the regulation revolves around how you handle PHI, how PHI is protected, and what to do if PHI is compromised in a breach.
The Department of Health and Human Services (HHS), which is responsible for creating HIPAA laws, defines PHI as any individually identifiable health information that relates to the past, present, or future provision of healthcare.
PHI is classified into these 18 identifiers:
- Address (including subdivisions smaller than state such as street address, city, county, or zip code)
- Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
- Telephone number
- Fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Vehicle identifiers, serial numbers, or license plate numbers
- Device identifiers or serial numbers
- Web URLs
- IP address
- Biometric identifiers such as fingerprints or voice prints
- Full-face photos
- Any other unique identifying numbers, characteristics, or codes