Protecting Your Digital PHI

Today’s digital world provides astonishing access to information, including your medical data and billing. Technological advancement has provided many benefits, including instant communication with healthcare providers, easy access to health records, and online payments, but digital access comes with additional security risks.

Protecting yourself and your personal health information (PHI) should be a top priority to prevent others from retrieving your data. Maintaining security over your PHI is as simple as learning protection techniques and making a few changes to your devices and accounts.

Medical Waste Pros is here to help you safeguard your information and learn more about protecting your personal data with comprehensive training and HIPAA compliant services.

What is PHI (Personal Health Information)?

PHI stands for personal health information. It is a term commonly used in legislation such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). It refers to any data that was created, used, or disclosed while receiving healthcare services that could potentially identify an individual.

HIPAA has created a list of 18 identifiers for PHI. If a record includes any of these identifiers, it is considered PHI:

  1. Full names or last name and initial
  2. All geographical identifiers smaller than a state
  3. Dates (other than year) directly related to an individual such as birthday or treatment dates
  4. Phone numbers, including area code
  5. Fax numbers
  6. Email addresses
  7. Social Security number
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Bank account numbers
  11. Certificates/driver’s license numbers
  12. Vehicle identifiers (including VIN and license plate information)
  13. Device identifiers and serial numbers
  14. Web Uniform Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including fingerprints, retinal, genetic information, and voice prints
  17. Full face photographs and any comparable images that can identify an individual
  18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data

Healthcare data is targeted by cyber criminals because the information can be used to commit fraud, access medical care and drugs, and even commit blackmail. A PHI breach can be difficult to detect and take years to recover from. It is worth taking extra steps to safeguard your information and reduce your chances of becoming a victim of identity theft and fraud.

Forms of Digital PHI

PHI comes in many different forms, ranging from physical documents to prescriptions and x-ray results. PHI can also be found in electronic form (ePHI). ePHI refers to records created, stored, transmitted, or received electronically, including files stored on hard drives, computers and devices, removable storage, and cloud platforms. The term also covers files transmitted over the internet via email or file transfers.

Basically, ePHI is just the electronic version of anything considered PHI. It is any digital medical record containing one or more of the 18 PHI identifiers. ePHI was first mentioned with the creation of the HIPAA Security Rule in 2003. It came into force in 2005, laying down 3 security safeguards – administrative, physical, and technical – to comply with HIPAA legislation.

Administrative safeguards include making policies to show how entities will comply with the act. Physical safeguards control physical access to areas of data storage. Technical safeguards protect communications containing PHI when transmitted electronically.

Protecting Digital PHI

The HIPAA Security Rule was created to protect ePHI by establishing a national set of security standards for maintaining ePHI. The rule guides compliance and ensures the confidentiality, integrity, and safety of your health information.

You can take additional steps to protect your own ePHI and any records of others that you may be handling. Below is a list of precautions you can implement today.

Secure Your Accounts

Hackers can leak personal data and valuable information from online accounts. Some easy ways to secure your accounts are with strong passwords and encryption.

Complex, individual passwords should be created for every one of your accounts. Password managers can be used to generate strong passwords, monitor your accounts, and save passwords for your personal access. Two-step authentication should also be used whenever possible. This requires you to enter your password and a number only you can access for added security.

Encryption protects your information if your computer is stolen or lost. It scrambles readable text so it can only be read by the person who has the decryption key. There are many types of encryption to meet your security needs.

Protect Your Web Browsing

While browsing the web, you may come in contact with questionable links, scam emails, and sites that collect data. Effective ways to protect your information include using antivirus software, installing a browser extension, and assessing your risk.

Antivirus software scans your files and websites to find malware that could cause a breach of security. There are many antivirus options out there that are easy to install and use. Be sure to download all software from a reliable source. Browser extensions block ads and the data they collect. Manually opting out of data collection can also cut down on the amount of data collected.

Assessing your risk helps you to best understand where your PHI may be exposed. By taking a careful look at your storage, security, and access points you can reinforce any areas that may need extra protection.

Protect Mobile Devices

Don’t forget to protect your mobile devices along with computers. Devices like smartphones and tablets have the highest security risks. Best practice security should always be implemented for mobile devices to keep PHI secure.

HIPAA and Compliance Training

Training is fundamental for understanding cybersecurity threats, phishing campaigns, and malware installation. It is also beneficial to become knowledgeable in HIPAA compliance. HIPAA training services are available through Medical Waste Pros to help you better understand current HIPAA regulations, non-compliance liabilities, and steps needed to prevent a data breach.

When you are prepared for the possibility of a breach, you will be able to respond effectively and stop the attack. Being vigilant in prevention and ready to act if needed is the best way to protect your digital PHI.

Need Help Protecting Your PHI?

Medical Waste Pros are experts in protecting PHI to prevent data breaches and leaks of information. Our compliance training services ensure a better understanding of HIPAA requirements and how to store and use PHI with minimal risk. Please contact us to learn more and receive free quotes on training and medical waste disposal services.