Introduction
HIPAA:
- Health Insurance Portability and Accountability Act
- A federal law passed in 1996 (Ramli, 2021)
- deals with the privacy of patients’ data, including healthcare insurance coverage and uniform provider identity.
PII:
- Personal Identifying Information
- Health information on an individual
- created or collected by a healthcare provider
- important to the delivery of health care
PHI:
- Protected health information
- concerns a patient’s medical history and demographics
- gathered to acquire patients, quality treatment.
ePHI:
- Electronically protected health information (Ramli, 2021)
- stored, generated, received and computed electronically
- ePHI organizers need to follow HIPAA rules
HIPAA Security Rule
- The HIPAA security rules entail privacy rules
- Important for protecting data and information
- promote confidentiality, security and integrity of ePHI,
- Physical, administrative, technical safeguarding procedures implemented
- Implementation of both tech and non-tech measures (Tovino, 2020)
- April 5th 2005- effective compliance day
- The specific entities that are covered must:
- ensure integrity, and availability of ePHI that they receive, create, maintain and transmit
- Protect and identify security threats (Tovino, 2020).
- Protection against reasonably anticipated disclosure
- Ensure the workforce complies with the rules.
Safeguarding of PII, PHI, and ePHI
- Sensitive information should not emailed to personal account
- Email encryption
- Hard copies of sensitive PII protectection
- Proper use of US mail (Moore & Frye, 2019).
- Do not share passwords or logins.
- Electronic copies of sensitive information made
- Hard drives should be encrypted
- Safeguarding involves securing equipment and environment.
- Firewalls should be installed
- Train the workforce (Moore & Frye, 2019).
- Implement group policies
Disclosures of PII, PHI, and ePHI
- Disclosed to the individual to whom it pertains
- Disclosures may involve cases of identity theft
- Carelessness may lead to data abuse (Cohen & Mello, 2018)
- Written consents from patients for disclosure
- disclosure prevent or lessen
- Minimize harm to an individual or the public (Cohen & Mello, 2018).
- Law enforcement in tracking down data thieves
Conclusion
- Defining HIPAA, PII, PHI, ePHI, and ePHI
- Organizations should safeguard patients private information.
- Organization’s train staff dealing with sensitive information.
- Safeguarding practices
- Disclosing data to the right people
References
Cohen, I. G., & Mello, M. M. (2018). HIPAA and protecting health information in the 21st century. Jama, 320(3), 231-232. Web.
Hui, Karen, Carol J. Gilmore, and Mujahed Khan. “Medical Records: More Than the Health Insurance Portability and Accountability Act.” Journal of the Academy of Nutrition and Dietetics 121, no. 4 (2021): 770-772. Web.
Iyiewuare, P. O., Coulter, I. D., Whitley, M. D., & Herman, P. M. (2018). Researching the Appropriateness of Care in the Complementary and Integrative Health Professions Part 2: What Every Researcher and Practitioner Should Know About the Health Insurance Portability and Accountability Act and Practice-based Research in the United States. Journal of manipulative and physiological therapeutics, 41(9), 807-813. Web.
Moore, W., & Frye, S. (2019). Review of HIPAA, part 1: history, protected health information, and privacy and security rules. Journal of nuclear medicine technology, 47(4), 269-272. Web.
Mahajan, U. V., Wafapoor, V., Mahajan, O. A., & Anderson, W. S. (2022). Use of Patients’ Protected Health Information to Solicit Hospital Funds: How did This Practice Come About?. Journal of Patient Experience. Web.
Ramli, K. (2021, July). HIPAA-based Analysis on the Awareness Level of Medical Personnel in Indonesia to Secure Electronic Protected Health Information (ePHI). In 2021 IEEE International Conference on Health, Instrumentation & Measurement, and Natural Sciences (InHeNce) (pp. 1- 6). IEEE. Web.
Tovino, S. A. (2020). Privacy and security issues with mobile health research applications. The Journal of Law, Medicine & Ethics, 48(1_suppl), 154-158. Web.