REASON:
|
Individually identifiable health information has a two-part definition:
1.
Information about
an individual's past, present or future physical or mental health, the provision
of health care for the individual, or the payment for health care for the individual,
and
2.
The information identifies
the patient or could reasonably be expected to identify the patient.
Simply put, PHI is any information that allows
you to link a person with their health condition.
For this reason, PHI is seldom just one piece of data: it usually
takes two or more pieces of data to qualify as PHI. For example, a person's name
by itself is not PHI; however, the person's name in a physician's appointment listing
is PHI. Also, a diagnosis by itself is not PHI, but the diagnosis along with a clinic
visit date is PHI.
The federal government has defined 18 identifiers, any one of which,
if present, will cause health information to be considered PHI. These include the
following as they relate :
Names
not only the patient's
name, but to the patient's family or household members, employers, and health care
providers
Dates
(except year), including
birth, death, admission, discharge, clinic dates of service, etc.
Numbers:
medical record, account,
Social Security, device serial #, certificate/licensure, telephone, VIN, etc.
Addresses:
geographic subdivisions
smaller than a state (i.e., city, county, zip), URLs, IP address numbers, and email
addresses
Graphics:
photographs, video
recordings, voice prints, finger prints
Remember, PHI is not just in medical records!
|