Quick Answer: Is Email Considered PHI?

What is the best example of personally identifiable information?

Personally identifiable information, or PII, is any data that could potentially be used to identify a particular person.

Examples include a full name, Social Security number, driver’s license number, bank account number, passport number, and email address..

What is considered sensitive PHI?

Sensitive Personal Identifying Information (PII) is defined as information that if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual(1).

What is considered PHI in healthcare?

PHI stands for Protected Health Information and is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.

Is an email address considered PHI?

Demographic information is also considered PHI under HIPAA Rules, as are many common identifiers such as patient names, Social Security numbers, Driver’s license numbers, insurance details, and birth dates, when they are linked with health information. … Social Security numbers. Email addresses. Medical record numbers.

What is the best example of protected health information?

Health information such as diagnoses, treatment information, medical test results, and prescription information are considered protected health information under HIPAA, as are national identification numbers and demographic information such as birth dates, gender, ethnicity, and contact and emergency contact …

What are examples of PHI?

Examples of PHIPatient names.Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.Dates — Including birth, discharge, admittance, and death dates.Telephone and fax numbers.Email addresses.More items…•

What are some common identifiers of PHI?

The 18 HIPAA IdentifiersName.Address (all geographic subdivisions smaller than state, including street address, city county, and zip code)All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)Telephone numbers.More items…

What is not considered PHI under Hipaa?

What is not considered as PHI? … For example, employment records of a covered entity that are not linked to medical records. Similarly, health data that is not shared with a covered entity or is personally identifiable doesn’t count as PHI. For example, heart rate readings or blood sugar level readings without PII.

What is considered PHI?

Protected Health Information The HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The Privacy Rule calls this information protected health information (PHI)2.

Is patient name alone considered PHI?

Pursuant to 45 CFR 160.103, PHI is considered individually identifiable health information. A strict interpretation and an “on-the-face-of-it” reading would classify the patient name alone as PHI if it is in any way associated with the hospital.

What info is protected under Hipaa?

The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”

Is it a Hipaa violation to email Phi?

HIPAA does not prohibit the electronic transmission of PHI. … It is not a HIPAA violation to email patient names per se, although patient names and other PHI should not be included in the subject lines of emails as the information could easily be viewed by unauthorized individuals.

When can you use or disclose PHI?

Generally speaking, covered entities may disclose PHI to anyone a patient wants. They may also use or disclose PHI to notify a family member, personal representative, or someone responsible for the patient’s care of the patient’s location, general condition, or death.

How do you protect patient health information?

10 Steps to Safeguard Patient Health Information in the CloudSecure transmissions. … Perform annual risk assessments. … Enhance breach notification processes. … Segregate data. … Implement user and session reporting. … Beef up physical security. … Establish clear access control policies. … Restrict areas where ePHI is stored.More items…