Protected Health Information (PHI) is a sensitive topic, and as such, it is surrounded by many myths and misconceptions. These myths can lead to confusion and mistrust, which can ultimately harm patients and healthcare providers. In this blog post, we will explore some of the most common myths about PHI and provide accurate information to help clear up any confusion.
Myth #1: PHI is only protected by HIPAA
One of the most common misconceptions about PHI is that it is only protected by the Health Insurance Portability and Accountability Act (HIPAA). While HIPAA is a federal law that regulates the protection of PHI, it is not the only law that applies to PHI. Other federal laws, such as the Family Educational Rights and Privacy Act (FERPA) and the Genetic Information Nondiscrimination Act (GINA), also provide protections for PHI. Additionally, state laws may also provide additional protections for PHI.
Myth #2: PHI can only be shared with authorized parties
Another common misconception is that PHI can only be shared with authorized parties, such as healthcare providers and insurance companies. While it is true that PHI can only be shared with authorized parties, there are certain situations where PHI can be shared without consent. For example, PHI can be shared in emergency situations, for public health purposes, or for research purposes. Additionally, PHI can be shared with authorized parties for the purpose of treatment, payment, and healthcare operations.
Myth #3: PHI can never be disclosed
A third common misconception is that PHI can never be disclosed. This is not true. While PHI is protected by law, there are certain circumstances where PHI can be disclosed without consent. For example, PHI can be disclosed in response to a subpoena or court order, or to report abuse or neglect. Additionally, PHI can be disclosed to law enforcement officials in certain situations, such as if a patient is a suspect in a crime or if a patient is a victim of a crime.
Myth #4: PHI can only be shared with written consent
Another myth is that PHI can only be shared with written consent. This is not true. While written consent is the preferred method for sharing PHI, there are other ways that PHI can be shared. For example, verbal consent can be used in emergency situations, or electronic consent can be used for remote consultations or telehealth services.
Myth #5: PHI can only be shared with healthcare providers
Another common misconception is that PHI can only be shared with healthcare providers. This is not true. While healthcare providers are the primary parties that need access to PHI, there are other parties that may also need access to PHI. For example, insurers may need access to PHI to process claims, and researchers may need access to PHI for studies.
Myth #6: Patient Account number and MRN #’s are not PHI
The biggest misconception is that information such as Patient Account Number & Medical Record Number are not PHI. But it is shockingly true to know that information such as IP addresses, vehicle license plate numbers, biometric identifiers including finger and voice prints can also be classified as PHI. In simple words, anything and everything that has the potential to identify an individual is protected health information (PHI) and sharing of this info will result in privacy breach. For a complete list of PHI, please visit the following page.
In conclusion, PHI is a sensitive topic that is surrounded by many myths and misconceptions. It is important to understand the facts about PHI in order to protect patients and healthcare providers. HIPAA is a federal law that regulates the protection of PHI, but it is not the only law that applies to PHI. PHI can be shared with authorized parties, but there are certain situations where PHI can be shared without consent. Additionally, PHI can be disclosed in certain circumstances, and there are different ways that PHI can be shared, such as verbal consent or electronic consent. Finally, PHI can be shared with healthcare providers, insurers and researchers. Understanding the facts about PHI is essential to ensure that PHI is protected in the most appropriate and efficient way possible.