This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([PHI] or [e-PHI]) is [Protected Data] and is defined by [HIPAA] as:[1]
%%quote
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a [covered entity|HIPAA Covered Entity] or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."
“Individually identifiable health information” is information, including demographic data, that relates to:
* the individual’s past, present or future physical or mental health or condition,
* the provision of health care to the individual,
* the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. [Individually identifiable health information|Personally Identifiable Information] includes many common identifiers (e.g., name, address, birth date, Social Security Number).
The Privacy Rule excludes from [{$pagename}] employment records that a [covered entity|HIPAA Covered Entity] maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 [U.S.C.] §1232g.
/%
[{$pagename}] is, generally, [PII] as it relates to medical information.
!! Specific Identifiers
Under the US [Health Insurance Portability and Accountability Act] ([HIPAA]), [{$pagename}] that is linked based on the following list of 18 identifiers must be treated with special care:
# Names - [First Name], [Last Name]
# All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000
# Dates (other than year) directly related to an individual
# [Phone Numbers]
# [Fax] numbers
# [Email Address]
# [Social Security Numbers]
# [Medical ID Card] or record numbers
# Health insurance beneficiary numbers
# [Account Numbers]
# Certificate/license numbers
# [Vehicle] [identifiers] and [Serial Number], including [License Plate] Number
# [Device] [identifiers] and [Serial Numbers]
# Web [Uniform Resource Locators] ([URLs])
# [Internet Protocol (IP) address numbers|IP Address]
# [Biometric data] [identifiers], including [Fingerprint recognition], [Retinal recognition] and [voice] prints
# Full face [Photography] [images] and any comparable [images]
# Any other [unique identifying number|Unique Identifier], characteristic, or code except the unique code assigned by the investigator to code the data
!! [De-Identified Health Information|De-anonymization]
PHI appears in datasets that researchers share publicly. When researchers remove [{$pagename}] from a dataset, they do so in an attempt to preserve the privacy of research participants. De-identified health information is defined as:[1]
%%quote
There are no restrictions on the use or disclosure of [de-identified health information|De-anonymization]. De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required, and is adequate only if the [covered entity|HIPAA Covered Entity] has no actual knowledge that the remaining information could be used to identify the individual.
/%
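The zip code and date rules from the identifier list, together with removal of direct identifier fields, as an added Python example that is not part of the original page or of any official tooling. The record field names, the population lookup table and the sample values are assumptions constructed for illustration; free-text fields and the "any other unique identifier" category are not handled here.

```python
from datetime import date

# Hypothetical field names for identifiers that are removed outright.
DROP_FIELDS = {"first_name", "last_name", "phone", "fax", "email", "ssn",
               "medical_record_number", "account_number", "ip_address", "url"}
DATE_FIELDS = {"birth_date", "admission_date"}  # hypothetical field names


def generalize_zip(zip_code, zip3_population):
    """Keep the initial three digits only if that unit holds more than 20,000 people."""
    digits = "".join(ch for ch in str(zip_code) if ch.isdigit())
    if len(digits) < 5:
        return "000"  # malformed input: fail closed
    prefix = digits[:3]
    # Unknown prefixes count as population 0, so they also become "000".
    return prefix if zip3_population.get(prefix, 0) > 20000 else "000"


def year_only(value):
    """Reduce a date (object or ISO 8601 string) to its year; None if unparseable."""
    if isinstance(value, date):
        return value.year
    try:
        return date.fromisoformat(str(value)[:10]).year
    except ValueError:
        return None


def deidentify(record, zip3_population):
    """Drop direct identifiers, generalize the zip code, keep only the year of dates."""
    out = {}
    for key, value in record.items():
        if key in DROP_FIELDS:
            continue
        if key == "zip":
            out["zip3"] = generalize_zip(value, zip3_population)
        elif key in DATE_FIELDS:
            out[key.replace("_date", "_year")] = year_only(value)
        else:
            out[key] = value
    return out


# Constructed sample data; the population figures are not census values.
SAMPLE_ZIP3_POPULATION = {"100": 1500000, "036": 12000}
SAMPLE_RECORD = {"first_name": "Alex", "last_name": "Example", "zip": "10001-1234",
                 "birth_date": "1984-07-02", "email": "alex@example.org",
                 "diagnosis_code": "E11.9"}
```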
!! Permitted Uses and Disclosures[1]
A [HIPAA Covered Entity] is permitted, but not required, to use and disclose protected health information, without an individual’s [authorization], for the following purposes or situations:
# To the Individual (unless required for access or accounting of disclosures);
# Treatment, Payment, and Health Care Operations;
# Opportunity to Agree or Object;
# Incident to an otherwise permitted use and disclosure;
# Public Interest and Benefit Activities;
# Limited Data Set for the purposes of research, public health or health care operations.
Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.

Read the official documentation for details. A lot of [{$pagename}] is also considered [Personally Identifiable Information] by most parties.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/|http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/|target='_blank'] - based on 2013-04-19