The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a rule that protects the privacy of an individual's identifiable health information, known as Protected Health Information (PHI). PHI includes information about health status, health care, or payment for health care that can be linked to a specific individual. You must password-protect, secure, or encrypt all documents that contain PHI.
When you email a password-protected or encrypted document, do not put any PHI in the subject line of the email. Remember to send passwords for the encrypted or secured documents in a separate correspondence.
- Documents that contain confidential information such as PHI, Social Security numbers and so forth must be encrypted before they are attached to email that will go over the Internet.
- Encryption "scrambles" the document's data, requiring a key or password to unscramble and view the document.
- An encrypted document may be securely transmitted using email.
- General email is not encrypted, unless you have specialized encryption software; therefore, confidential information must never be included in an email message body.
Restricted data include any and all information that relates to the:
- Past, present, or future physical or mental health or condition of an individual
- Provision of health services to an individual
- Past, present, or future payment for the provision of health services to an individual
Identifiers that may be considered restricted include, but are not limited to, the following:
- Names;
- Dates of birth;
- Postal/residential address information;
- Latitude and longitude of street address;
- Telephone numbers;
- Fax numbers;
- Electronic mail (email) addresses;
- Social Security numbers;
- Medical record numbers;
- Health plan beneficiary numbers;
- Account numbers; and
- Vehicle identifiers and serial numbers, including license plate numbers.
Find more information about PHI on the HIPAA.com website.