If you think that the data you collect through your forms is just data, then think again. This data may be used to identify or trace a person‘s identity. PII and PHI are the terms and you must be aware of the difference.
Personally identifiable information or PII must be collected with caution and security to avoid infringing on the data privacy law. The most common personal data breach involves the abuse of this kind of data.
A HIPAA-compliant healthcare network guarantees patient information remains secure from illegal entry.
HIPAA Data Classification: PII and PHI
The key in achieving HIPAA Compliance is understanding the definition and difference between these two widely interchangeable terms: PII and PHI.
PII (Personally Identifiable Information) pertains to general information used to identify or locate someone. GDPR in the EU treats personal data sensitively. The data privacy law can fine businesses that have proven to fail its requirements. Want to know how your form can safeguard this data? Check this out!
In most medical cases, PII includes health information. Health information reflects past, present, and future health (physical/mental) conditions related to reimbursement for healthcare services. PHI or Protected Health Information (also called ePHI when stored or communicated electronically) is health-related PII. All data about an individual owned, possessed, or maintained by a HIPAA-covered entity falls under the meaning of protected health information (until it has been de-identified) according to the regulations. De-identification of health information occurs when PHI cannot be utilized to identify individuals.
The following identifiers (PII), when together with health information about that person, form the HIPAA data- protected health information (PHI):
- Names
- Geographical identifiers
- Dates directly related to an individual
- Phone and Fax Numbers
- Email addresses
- Social Security numbers
- Medical records statistics
- Health plan beneficiary numbers
- Account Summary
- Certificate/license numbers
- Vehicle license plate number
- Device serial numbers
- Web URL and IP number
- Body identifiers
- Full-face photograph and any similar image
HIPAA Privacy for Email
“I need to transmit a patient record via email, but I’m worried this will be a HIPAA violation.”
Much has been disputed involving data privacy compliance for email. Email security laws require messages to be protected while in transit if they contain PII or electronic personal health information (ePHI) and are forwarded outside of the protected internal email system. Personal identifiers should never be sent unless complying with transit security mandated by data privacy acts like HIPAA. Encryption is one of the most important safeguards.
PHI traveling across the internet is one of the most unsafe data transfers as far as the HIPAA context concerns. To ascertain HIPAA compliance for e-mail, only use online data collection forms that follow the HIPAA standards. EmailMeForm is a HIPAA compliant form builder that grants each form the confidence to collect and process health information. Each form is eligible to display the HIPAA compliant logo too.Since electronic transmission of PII/PHI requires encryption, all data fields you create in your form are encrypted by default. HIPAA compliant EmailMeForm allows you to automatically add encrypted fields to reduce the risk of “forgot to encrypt” instances. Don’t worry though, full control of your form is still in your hands. The encryption of each field is your decision anyway!Bottom line: Businesses MUST ALWAYS conduct a risk analysis. As early as possible, outline safeguards to maintain the privacy of personal information.
Learn more about how EmailMeForm’s HIPAA Compliance protects health information. You can contact us for more information.