HIPAA Protected Health Information Definition
Guidelines governing the sharing or disclosure of HIPAA Patient Health Information
HIPAA Protected Health Information Definition? HIPAA is very comprehensive in terms of laying down guidelines governing the sharing or disclosure of Patient Health Information and has five separate titles dedicated to such stipulations. The HIPAA Title II is called Administrative Simplification or the AS. To ensure that the privacy of health information is upheld in the prevailing healthcare system, HIPAA emphasizes upon the AS stipulations, which in turn influences the DHHS to endorse national standards for electronic healthcare transactions.
AS is concerned with setting-up national standards for electronic healthcare transactions and benchmarks like identifiers for healthcare providers, health insurance plans and employers. The provisions laid down by the AS address the crucial issue of maintaining the security and privacy of a patient’s health data. The most significant AS HHS (Department of Health & Human Services) Rules that are nationally recognized for this purpose are mentioned in [45 CFR §160, §162 and §164]. These rules are:
Exceptions Regarding HIPAA Protected Health Information
There are some exceptions to the general understanding of PHI:
1) In cases when the covered entity is the Employer — personal information about employees that is maintained as a part of the Employment Records is outside the realm of PHI.
2) Information about an individual recorded as a part of educational pursuits, including professional training, is not PHI.
3) Many specific clauses have been defined by the Family Educational Rights and Privacy Act (20 USC) where certain bits of information can be accessed/shared without the liability to inform the concerned individual.
What is Protected Health Information (PHI)? Understanding De-identifiable Information — the Privacy Rule categorizes some significant exceptions to PHI in the form of De-identified Health Information. Information falling under this category can be disclosed without the fear of facing any HIPAA incompliance-related penalties. De-identifiable Information is regarded insufficient to compromise the privacy of an individual. Intentional de-identification of information is also possible when — a qualified statistician conducts the formal process of de-identifying information by removing specific bits of critical data called Identifiers. Following are some of the common identifiers that can be removed to render Protected Health Information as de-identifiable: