PHI in Medical Coding
PROTECTED HEALTH INFORMATION (PHI)
PHI stands for Protected Health Information and is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.
In other words, PHI is personally identifiable information in medical records, including conversations between doctors and nurses about treatment. PHI also includes billing information and any patient-identifiable information in a health insurance company's computer system.
Protected Health Information is the term HIPAA (the Health Insurance Portability and Accountability Act) uses to define the type of patient information that falls under the jurisdiction of the law. eHealth applications that collect, store or share PHI must follow HIPAA compliance guidelines in order to be compliant with the law.
In order for health data to be considered PHI and regulated by HIPAA, it must meet two conditions:
Personally identifiable to the patient
Used or disclosed to a covered entity during the course of care
Examples of PHI:
Billing information from your doctor
Email to your doctor's office about a medication or prescription you need
Appointment scheduling note with your doctor's office
An MRI scan
Blood test results
Phone records
Examples of health data that are not considered PHI:
Number of steps in a pedometer
Number of calories burned
Blood sugar readings without personally identifiable information (PII), such as an account or user name
Heart rate readings without PII
The Difference Between Protected Health Information and Consumer Health Information
For developers, determining whether an application collects PHI is critical to determining whether HIPAA compliance requirements need to be met. So how do you know if you're dealing with protected health information (PHI) or consumer health information?
The test is straightforward: if the device or application you are building records or transmits personally identifiable health data about the user, and that data is used by a covered entity in the course of care, then you are dealing with PHI and need to be HIPAA compliant.
If you are building a wearable device or application that collects health information but never shares it with a covered entity, then you do not need to be HIPAA compliant. However, the trend in mobile health data collection is toward sharing health data with health care providers, which makes it PHI by definition.
For example, the Nike FuelBand does not need to be HIPAA compliant because it does not track PHI and you can't transmit its data from the device to a covered entity. By contrast, data about blood sugar and sleep patterns collected by Apple's HealthKit and accessed by an app in order to share it with a doctor falls under HIPAA.
What is ePHI?
ePHI is Electronic Protected Health Information: all individually identifiable health information that is created, maintained, or transmitted electronically by mHealth and eHealth products. This includes PHI on desktop, web, mobile, wearable and other technology, such as email, text messages, etc.