Beginning April 14, 2003 all health care providers and staff are required by Federal Law to protect the confidentiality of Protected Health Information. There are serious penalties for failing to do so.
Protected Health Information (PHI) describes a patient's health condition or care; payment for that care; or includes personal identifiers such as the patient's name, address, Social Security number, age or zip code. There are a number of variables that can make determining just what patient information is protected somewhat confusing.
Listed below are some general guidelines that can assist you in clarifying what may or may not be PHI:
- Health Information that can be individually identifiable is PHI. It does not need to include a patient's name, just enough information that could allow someone to figure out who it is.
- PHI can be verbal, written or electronic. It could be on paper, on the computer or on the telephone, or even a quick chat in the hallway.
- PHI can originate at any of our client's facilities or be received from someplace else.