Corporate compliance corner February
By Corporate Compliance Officer Ed August
PHI is an acronym that you have probably heard while working at Symbria. But, how familiar are you with all of the information that is considered PHI – and the security that is required when working with this information?
In this month's installment of the Corporate compliance corner, I hope to provide information that will help you understand what PHI is – and the steps that you need to take to protect this valuable information.
What is PHI?
Under U.S. law, Protected Health Information (PHI) is any information that:
- Is about health conditions, the provision of healthcare services, or the payment for healthcare services that is created or collected by our company or one of our client communities.
- Can be linked to an individual (such as a patient or resident at a client community).
Some common examples of PHI include a patient's or resident's:
- Telephone or fax number.
- Email address.
- Social security number.
- Medical record number.
- Health insurance number.
- Certificate/license number.
- Full face photographic images and any comparable images.
- Biometric identifiers, including fingerprints, retinal prints, and voice prints.
- Any other unique identifying number, characteristic, or code (unless assigned by an investigator).
You also need to be familiar with the term electronic protected health information (ePHI), which refers to any PHI that you create, store, transmit, or receive electronically. This includes information contained within personal computers with internal hard drives as well as external portable hard drives, including iPods, magnetic tapes, USB memory sticks, CDs, DVDs, PDAs, smartphones, and email.
Failing to protect PHI is a violation of federal law that jeopardizes our client relationships and subjects our company to the risk of a significant fine. Here are some ways that you can protect PHI:
- Never leave PHI unattended at your workstation or in your car.
- Do not leave PHI on printers, fax machines, or copy machines.
- After using PHI, destroy copies using a paper shredder or shred bin.
- Call the IT Helpdesk if a smartphone that you use for business purposes is lost or stolen.
- If you need to email PHI, verify the recipient's email address and encrypt the message.
- Avoid discussing residents or patients in public areas where you can be overheard.
- Secure files and other documents that contain PHI.
- Encrypt any external email that contains PHI.
For more information