Here at Record Nations, our goal is to help streamline your office efficiency, no matter what industry you’re in. As the world moves in a more digital direction, record management tends to move with it. HIPAA, FACTA, and GLBA have been around for a long time, but as technology changes, so do the regulations surrounding secure record keeping.
When it comes to HIPAA, there are many rules and regulations for the safeguarding of information, especially when it pertains to PHI, also known as protected health information. In this article we aim to better explain what PHI is, how it’s protected, and the potential hazards that come with emerging technologies.
What is PHI?
Simply put, PHI stands for protected health information, sometimes referred to as personal health information. This covers any piece of identifiable information that could put a patient’s confidentiality at risk. HIPAA actually identifies 18 items that, when placed into a medical setting, are classified as PHI. Some of the most common examples of PHI include, but are not limited to:
- Phone Numbers
- Social Security Numbers
- Medical Records
From the moment we are born, PHI is being created. Especially now, when everything is computerized, our first moments are entered into a hospital database. From here, a detailed medical record is kept and maintained that will likely follow us for the rest of our lives.
On a positive note, this makes tracking your health records seamless, regardless of geographical moves or changes to your medical care team. This makes future visits with new doctors or specialists infinitely easier. Any medical professional with the right clearance can see your entire medical history.
How is PHI Protected?
The primary law governing the safe handling of PHI is HIPAA. HIPAA has very strict rules regarding how this information is disseminated. These rules allow for the sharing of information between “covered entities” in the course of a patient’s treatment. This includes an array of healthcare providers as well as insurance agencies. There are very few entities outside of this setting that can access this information. These entities often need the written consent of the patient, and they must follow all applicable HIPAA regulations regarding this information.
HIPAA has very strict guidelines when it comes to how this information is handled. There are three main ways that HIPAA mandates this data be protected.
- First, the technology must be up-to-date and secure. This includes password protection, firewalls, and encryption.
- Second is the physical protection of digital and paper files. This includes storage requirements such as limiting access to authorized personnel, the ability to lock the storage area, retention requirements, and in some cases video monitoring.
- Last are the administrative protections associated with PHI. These limit who can access this information, as well as what information can be shared with a third party. This often includes security training for staff and physicians alike.
HIPAA violations are very severe, and can be very costly if not handled properly. Penalties for HIPAA violations start at $100, but can be as much as $25,000 per violation, depending on the offense.
Emerging Technologies & Danger to Protected Health Information
It’s no secret that a leak of PHI can be very hazardous to the business and/or victim that was exposed. Cybercriminals are actively seeking this information in order to perpetrate a number of crimes including identity theft, blackmail, and even extortion.
Roughly 94% of PHI data breaches in 2021 were classified as cybercrime or hacking. This accounted for the exposure of 43.1 million PHI records. It’s one of the biggest trends emerging in cybercrime, which is why it’s so important to understand how your information is being safeguarded.
This becomes a bit of a gray area when the subject of health apps and wearable tech comes up. This can be anything from smartwatches to biometric trackers in our cellphones. These devices are able to track everything from blood pressure to cardiovascular fluctuations and even fingerprints. This information is undoubtedly PHI, but the tech companies collecting it are not necessarily considered “covered entities” under HIPAA guidelines.
The fact that most people are willingly providing this information by agreeing to various terms and conditions puts their information at serious risk. It also leaves little room for recourse under HIPAA, since this information was provided voluntarily. It’s crucial to understand the fine print when using these devices, and to have a firm understanding of how your information will be used and stored, who can access it, and what each company’s data breach protocols are.
Record Nations has Solutions for Secure Handling of PHI
Record Nations partners with record management companies nationwide that have a unique understanding of PHI and all applicable HIPAA regulations. Our experts can put you or your medical practice on the path to industry compliance with state-of-the-art technologies. Contact us by filling out the form, using the live chat button, or giving us a call at (866) 385-3706. One of our representatives will match you with a company that meets or exceeds your compliance needs. As PHI becomes more complicated, it’s important to put your trust in the hands of experienced professionals.