Here are some helpful reminders for protecting PHI at your practice:
Manage your password properly:
Protect your PHI by managing your password. Selecting a strong computer password (one that is easy for you to remember but difficult for someone else to guess) is an essential step in securing your practice's information. Generally, you should select a password that:
- Includes both letters and numbers
- Consists of at least six characters (your organization may require seven or eight)
- Incorporates upper- and lowercase letters, if your system supports them
- Includes special keyboard characters (such as #), if your system permits
- Isn't a personal name, special date, fictional character, or real word
Tip for your beginner staff regarding disclosure of PHI:
The HIPAA Privacy Rule requires that access to and disclosure of protected health information (PHI) be limited to the minimum necessary, with some exceptions, such as for treatment. The HITECH Act modifies that requirement so that covered entities will be in compliance if the PHI access, use, and disclosure are limited to either the minimum necessary or a "limited data set."
The Privacy Rule permits a covered entity to use and disclose PHI in a limited data set without individual authorization for research, public health, and the covered entity's healthcare operations. A limited data set must not include any direct identifiers for the individual, relatives, household members, or employers, including:
- Name
- Street address
- Telephone and fax numbers
- E-mail address
- Social Security number
- Certificate/license numbers
- Vehicle identifiers and serial numbers
- URLs and IP addresses
- Full-face photos and any other comparable images