Introduction

The health record is a legal document that is admissible as evidence in a court of law. As a healthcare professional, you will examine the patient to collect health information during their course of care.¹ It is your responsibility as the overseeing healthcare professional to keep health information accurate, timely, relevant, secure, and confidential.

The Health Insurance Portability and Accountability Act and Protected Health Information

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 prohibits the release of protected health information (PHI) without the patient's authorization. The HIPAA Privacy Rule defines PHI as “individually identifiable health information that is transmitted by electronic media, maintained in electronic medium, or transmitted or maintained in any other form or medium.”² The following is a list of individually identifiable health information that would need to be removed prior to disclosing any patient information:

  1. Names, of the individual patient or of relatives, employers, or household members

  2. Geographic location, including street address, city, county, precinct, zip code

  3. Date of birth

  4. Admission date

  5. Discharge date

  6. Date of death

  7. Telephone numbers

  8. Fax numbers

  9. E-mail addresses

  10. Social Security number

  11. Health record number

  12. Health plan beneficiary number

  13. Account number

  14. Certificate/license numbers

  15. Vehicle identifiers and serial numbers, including license plate numbers

  16. Device identifiers and serial numbers

  17. Web Universal Resource Locators (URLs)

  18. Internet Protocol (IP) address numbers

  19. Biometric identifiers, including finger- and voiceprints

  20. Full-face photographic images and any comparable images

  21. Any other unique identifying number, characteristic, or code

Disclosing patient information must be taken seriously. When in doubt about what information is and is not appropriate to release, the health information management professional within your organization is a good resource to consult prior to releasing any patient information.
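The following Python example is added here and is not part of the original text. It replaces the identifiers in the list above that follow a recognizable pattern (ZIP codes, dates, telephone and fax numbers, e-mail addresses, Social Security numbers, URLs, and IP addresses) with placeholders in a free-text note. The regular expressions, placeholder labels, and sample note are assumptions constructed for illustration; names and the other items on the list are not detected by pattern matching.

```python
import re

# Pattern-matchable categories from the identifier list above, keyed by a
# placeholder label. Order matters: URLs and e-mail addresses are replaced
# first so their digits are not re-matched as IP addresses or ZIP codes.
PATTERNS = [
    ("URL",       r"https?://[^\s<>]+"),                              # item 17
    ("EMAIL",     r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),               # item 9
    ("IP",        r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),                    # item 18
    ("SSN",       r"\b\d{3}-\d{2}-\d{4}\b"),                          # item 10
    ("PHONE_FAX", r"(?:\(\d{3}\)\s?|\b\d{3}[-. ])\d{3}[-. ]\d{4}\b"),  # items 7-8
    ("DATE",      r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2})\b"),  # items 3-6
    ("ZIP",       r"\b\d{5}(?:-\d{4})?\b"),                           # item 2 (ZIP only)
]
COMPILED = [(label, re.compile(rx)) for label, rx in PATTERNS]


def redact(text):
    """Return (redacted_text, {label: hit_count}) for the patterns above."""
    counts = {}
    for label, rx in COMPILED:
        text, n = rx.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts


# Constructed sample note; every value in it is made up.
SAMPLE = (
    "Pt Jane Roe, DOB 04/12/1961, admitted 2023-11-02. "
    "Call 555-867-5309 or fax (555) 867-5310. "
    "Email jane.roe@example.org, SSN 123-45-6789. "
    "Portal https://portal.example.org/p/88 from 192.0.2.44, ZIP 30301."
)

if __name__ == "__main__":
    clean, hits = redact(SAMPLE)
    print(clean)
    print(hits)
    # The patient's name survives: names, photographs, biometrics and "any
    # other unique code" (items 1, 19-21) need review beyond pattern matching.
```

A non-empty hit count is best treated as a signal to hold the document for review before release, since the pass leaves names and free-text identifiers untouched.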

Keeping Health Information Secure

Securing PHI involves minimizing the chance that a health record is lost, altered, damaged, or destroyed.

The Administrative Simplification provisions of HIPAA require the Department of Health and Human Services (DHHS) to establish national standards for the security of electronic healthcare information. This rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.

Methods of protecting electronic health information include the following⁴:

  • Limiting access to information through the use of passwords, key cards, or biometric identification

  • Adding an electronic fingerprint into the health record for each entry including the name, date, and time that the entry/change to the record was made

  • Changing passwords frequently

  • Prohibiting the sharing of passwords among employees

  • Deleting system access immediately upon termination of an employee

  • Restricting copying function

  • Restricting printing function

  • Incorporating information on safeguarding electronic health information in employee orientation

  • Including security mechanisms in contracts with outsourced vendors

  • Establishing policies ...
