PHI is defined as any information collected from an individual that is: created or received by a health care provider, relates to the past, present, or future condition of an individual, and which can reasonably used to identify an individual.
The following items are considered PHI. This list is not all-inclusive.
|Name||Address: Street, City, Zip Code|
|Telephone Numbers||License Plate Numbers|
|Health Plan Beneficiary Number||Email Addresses|
|Certificates/Licenses||Medical Record Number|
|Biometric Identifiers (fingerprint)||Photographic Images|
|Dates: Birth Date, Admit & Discharge Date|
- If you write any PHI on a piece of scrap paper or note any of them on a document, they must be properly shredded and cannot be left out in public view nor thrown into a garbage can.
- You cannot email any patient care records or documents containing this information unless the email is sent through an encryption process (Gmail and most are not encrypted)
- Ensure you are logged into the EMR when completing a report. This eliminates issues with shift and crew changes.
- Do not copy/email patient care records from the Elite system. They can be viewed within the system or printed for specific reasons such as court.
- Log out of your EMR when not in use. This ensures that if the computer is left unattended, someone can’t view any reports on the local computer.
- Information about a call cannot be shared with those not on the case (with the exceptions of specific things such as training, QI, legal, etc. in the proper setting)
If there is ever any doubt, err on the side of caution and don’t share or view the information, or dispose of it in the proper manner.
More information on HIPAA can be found here: https://www.hhs.gov/hipaa
A copy of the COVB Notice of Privacy Practices can be found here: https://www.vbgov.com/government/departments/human-services/Documents/hipaa-privacy-practices.pdf
Other policies that might apply to this include: