Saturday, September 23, 2023
Saturday, September 23, 2023

The Protection of Personal Health Information (PHI) – By Dr. Mark Kestner

In the field of healthcare, providing excellent care to patients is the priority for providers, but doing so involves more than just treatment. Because healthcare providers frequently deal with highly-sensitive information, handling patients with confidentiality and respect is an integral part of establishing trust with them.

Healthcare organizations must be constantly cognizant of protecting this health information, or there could be serious consequences.

What is PHI?

Personal/protected health information (PHI) is defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as health information stored by a HIPAA-covered entity — such as a healthcare provider, insurer, or clearinghouse — and is identifiable to the patient. There is a list of identifiers, including anything from names and photos to health plan numbers that, when associated with medical data, transmute it into PHI.

HIPAA protects patients by setting rules and limits on who can access their protected health information through any means, whether electronic, written, or verbal. This act was passed on the principle that a patient’s health information is their own, and that they should have the right to determine who should and shouldn’t access it.

Everyone is responsible for protecting PHI

Because of the sensitive nature of the PHI protected under HIPAA, it is paramount that everyone in medical workplaces take appropriate care to protect patients’ privacy. Failure to do so could result in catastrophic consequences. “If a patient or patient’s family member submits a complaint, it could prompt a review, potential fines, and loss of accreditation,” explains Dr. Mark Kestner, Chief Innovation Officer at healthcare technology solutions company MediGuru. “Healthcare organizations are very serious about this.”

Indeed, due to the gravity of the situation, every team member has to undergo mandatory annual HIPAA training. “Every member of the team has a responsibility to protect patient information,” Dr. Kestner asserts. “Even if you don’t have direct access to a patient’s medical record, something as simple as discussing a patient’s condition in a public location could be deemed as a HIPAA violation.”

As such, it is often the responsibility of everyone on the healthcare provider’s team to police the workplace environment and ensure patient protection. Healthcare providers are still human, after all; they can make mistakes, but it is important that every team member remind each other of their mutual responsibility to protect both their patients and their practice.

Creating this secure environment for patient information also extends to people who may not be aware of HIPAA regulations. “Patients’ visitors might not understand that the topics they are discussing are something that is in violation of the patient’s privacy rights,” explains Dr. Kestner. “If that information is unwittingly passed to a stranger, you wouldn’t want that to come back to bite you if the patient files a complaint.”

How to protect patients’ PHI

A general principle to adhere to is that patient cases should never be discussed in public places like lobbies, cafeterias, or parking lots. To remedy this issue, healthcare facilities should have workstations and work rooms where sensitive and protected PHI can be discussed without violating the privacy rights of the patient. This is the most basic measure a healthcare facility can implement to protect patient privacy.

Medical records should also be kept in a protected environment where access is limited. In the days of paper medical records, this meant keeping medical records stored in a room where only the people who needed access to them were permitted to enter. However, with the medical industry becoming increasingly digitized in recent years, the way medical records are secured is evolving.

For example, the Electronic Health Record (EHR) of patients should be password-protected and available to be audited. As with any form of PHI, the only people who should be able to access these records are those who require them to optimize patient care. Having people access patient medical records unnecessarily could present a risk of HIPAA violation.

Healthcare providers should be keeping precise track of what information is being accessed by whom and why. “If questioned, a member of the healthcare team needs to justify why they were in the record,” Dr. Kestner said. “It is often the risk management team that conducts this questioning, but it is still the responsibility of each member of the team to ensure that they are only accessing sensitive information when necessary.”

PHI and new health devices

Due to the advent of new health devices, PHI and HIPAA are no longer as black-and-white as they used to be. Several health devices, such as remote monitoring devices, are now being sold direct-to-consumer and are collecting patient data. Some patients, understandably, have expressed concern about whether or not their PHI is secure when using this new technology.

“Anything not connected to your EHR is suspect,” explains Dr. Kestner. “If the data from the device is being stored with your healthcare provider, you know it is protected under HIPAA. The same protections afforded to you under the act apply to the data collected by that device.” However, if the data is being stored by a third party, as opposed to a HIPAA-covered entity, a patient’s information might actually be classified as unprotected data.

One interesting case is the use of watches and fitness trackers to collect medical data like vitals. While these can be an essential tool in understanding a particular patient’s personal wellness — keeping track of their pulse rate can alert them if something is wrong and in need of immediate medical attention — the environment in which this data is being collected isn’t the most reassuring.

As health data continues to be collected from more sources, the lines between secure and insecure are becoming more and more blurred. Health and fitness tracking apps are not considered HIPAA-covered entities, so long as they do not provide healthcare, but if a healthcare provider uses this data, it’s not as clear-cut exactly where HIPAA laws and regulations come into play. In any circumstance, when it comes to PHI, it is always best to err on the side of caution.

PHI has always been a complex issue, but new technological innovations make the discussion even more nuanced. Ultimately, healthcare providers have a legal and moral responsibility to protect their patients’ privacy and protect their sensitive information. Even as the lines of what is and isn’t protected, and specifically who HIPAA applies to are made less clear, healthcare providers must take care to protect this information.

Editor’s Note: Mark Kestner, MD is Chief Innovation Officer of MediGuru. He has extensive executive leadership experience in the military, university systems, integrated delivery systems and particularly in community-based healthcare systems.

Medical Device News Magazine
Our publication is dedicated to bringing our readers the latest medical device news. We are proud to boast that our subscribers include medical specialists, device industry executives, investors, and other allied health professionals, as well as patients who are interested in researching various medical devices. We hope you find value in our easy-to-read publication and its overall purpose and objectives! Medical Device News Magazine is a division of PTM Healthcare Marketing, Inc. Pauline T. Mayer is the managing editor.

Experts Views and Opinions

The Hollywood Writers’ Strike and Ethical AI | By Ed Watal, Founder & Principal — Intellibus

Watal writes, "Less than 12 months ago, with the debut of AI-powered ChatGPT, the true power of AI hit the mainstream. Since then, it has established an unshakeable belief in everyone’s minds that artificial intelligence is here to stay and will forever alter a number of industries." What do you think? Read on.

Viraj Gandhi On Automation and Technology – to Drive Progress in Pharmaceutical Manufacturing

This article takes a closer look at the key benefits of automation and technology in pharmaceutical manufacturing and how Medivant Healthcare harnesses these solutions to drive progress across our production facilities. Read what Viraj Gandhi has to say.

Limb Loss and Preservation Registry (LLPR) Transforms Care Through Data and Insights | By Shawn Murphy, Vice President, Thought Leadership & Innovation Foundation...

Shawn Murphy writes, "The Limb Loss and Preservation Registry (LLPR) represents a pivotal development in patient care. It stands as the first collaborative database that unites hospital and health systems, provider organizations such as Accountable Care Organizations (ACOs), Integrated Delivery Networks (IDNs) and orthotic/prosthetic (O&P) practices, focusing on both upper and lower extremity acquired and congenital limb differences, as well as limb preservation populations. This collective effort has the potential to drive substantial advancements in patient outcomes, treatment effectiveness and care quality." Read to learn more.

It Takes an Ecosystem – Bringing Stakeholders Together is a Critical 1st Step to Solving Problems In Healthcare | By Andrew Cleeland, CEO, Fogarty...

Andrew Cleeland writes, "Introducing a new medical therapy or technology is a complex, expensive, and time-consuming journey, one that is fraught with significant risk. While innovation often starts with a clear, well-defined unmet clinical need, it must be paired with an equally compelling value proposition. My mentor, Dr. Thomas Fogarty, once said, “An idea, by itself, has no importance whatsoever; it is the implementation of that idea and its acceptance by others that brings benefit to our patients.” Read on.

Chemotherapy Starts With Scalp Cooling Treatment: The Path to Improved Access | By Claire Paxman, Director of Global Training of Paxman

Paxman writes, "When Real Housewives of Miami star Guerdy Abraira recently proclaimed “Chemo Starts Now” after shaving off her hair before starting her treatment for breast cancer in People Magazine1, this made me realize just how little the general public and even celebrities like Abraria know about the medical technology being utilized today, such as scalp cooling systems, to manage and prevent chemotherapy-induced hair loss." Read to learn more.

By using this website you agree to accept Medical Device News Magazine Privacy Policy