Confidentiality, Privacy and Security

PHI?

  • 1.  PHI?

    Posted 30 days ago

    ​If there is a spreadsheet with a patient identifier (not SSN), patient name, date of service, and account balance, would this be considered PHI and would it be considered a breach if it was disclosed inappropriately? If the date of service was NOT on the spreadsheet, would that change things?
    Thanks in advance!

     



    ------------------------------
    Kimberly Ohmann
    Associate Director
    ------------------------------


  • 2.  RE: PHI?

    Posted 28 days ago
    I would run it through a risk assessment, it could be low risk. The only way you know for sure is doing your risk assessment.
    Casey

    ---------------------------------
    Casey Bastemeyer
    Lead HIPAA & Coding Compliance Partner
    Ensign Group
    ---------------------------------





  • 3.  RE: PHI?

    Posted 27 days ago
    I agree a risk assessment is needed.  To whom was the information disclosed inappropriately?  Can you trust that the information would not be further disclosed by the unintended recipient?  Names and DOS are PHI elements so I would proceed carefully.

    ------------------------------
    Nancy Davis, MS, RHIA, CHPS
    Director of Compliance & Safety
    Door County Medical Center
    ------------------------------



  • 4.  RE: PHI?

    Posted 27 days ago
    Does the spreadsheet identify the covered entity or business associate? If it does then it's PHI. If not...well it might not be. I typically think of PHI as one identifier and whether the CE/BA is identified. But there is such variation among identifiers some introduce more risk than others.

    But I agree with Casey and Nancy, use an Omnibus 4 factor breach analysis and see exactly where you are in the context of the whole incident. I can share a breach analysis if you need one.

    ------------------------------
    Kelly McLendon, RHIA, CHPS
    Managing Director
    CompliancePro Solutions
    kmclendon@complianceprosolutions.com
    321-268-0320
    ------------------------------