Protected Health Information (PHI) refers to all of the health information that is created, received, stored or transmitted by a covered entity or its associate and that can identify the individual. The health data that fall under PHI include medical records, results of laboratory tests, medical images, a patient’s history of treatment, medication details, etc. PHI can exist in various forms, such as electronic medical records, written documents, and even the oral communication of health professionals.
The HIPAA Privacy Rule protects some information classified as PHI; that is, it establishes standards for the safeguarding of health records which can identify an individual. Covered entities and their business associates are required to follow the HIPAA regulations to avoid any risk of unauthorized access to PHI.
Restrictions apply to unauthorized uses and disclosures of PHI, while uses and disclosures for treatment, payment, and healthcare operations are permitted without the individual’s consent. Other uses and disclosures are subject to the individual’s written authorization except where the law provides otherwise or in its contravention.
Covered entities should take appropriate steps to ensure that any use or disclosure of PHI is kept to the minimum necessary to achieve the objective. Notice must also be given to individuals whose unsecured PHI has been breached, to HHS, and in some instances, to the media.
Ensuring that PHI is kept confidential and secure is paramount for building and sustaining patient goodwill, abiding by applicable laws, and protecting the patient’s right to confidentiality and privacy in healthcare services.