PHI and HIPPA
Protected health information (PHI) refers to health information that can identify an individual, or can be used with other available information to identify an individual, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. PHI and HIPPA are important rules that coders need to understand and follow.
The HIPAA rule applies specifically to ?covered entities? and their ?business associates.?
Protected Health Information requires two things:
- An identifier and
- A piece of health information
The HIPAA privacy rule provides us with a list of what the federal government considers to be ?individual identifiers.?
These include:
- Names
- Addresses
- Social security numbers
- Telephone numbers
- E-mail addresses
- Dates of birth
A license plate number on a patient intake form, if it?s the only identifying information, can be also considered as protected health information because it could be used to identify a person.
In case of educational records held by schools, HIPAA excludes some forms of health information from the definition of Protected Health Information. These records are covered by a different federal privacy law: The Family Educational Right and Privacy Act (FERPA).
Also, employment records that contain identifiable health information that are held by a covered entity acting as an employer are not considered as Protected Health Information. For instance, if a Company requires drug testing of all applicants, and the company maintains files containing this health information in its Human Resources department, these files are not considered PHI.