Is An Email Address Considered PHI?

Is it a Hipaa violation to email Phi?

HIPAA does not prohibit the electronic transmission of PHI.

It is not a HIPAA violation to email patient names per se, although patient names and other PHI should not be included in the subject lines of emails as the information could easily be viewed by unauthorized individuals..

Can I talk about patients without saying their name?

HIPAA violation: yes. … However, even without mentioning names one must keep in mind if a patient can identify themselves in what you write about this may be a violation of HIPAA. HIPAA violation: potentially yes if someone can identify it is them and prove it. So, technically yes but proving it would be difficult.

What email services are Hipaa compliant?

All of the following providers offer a HIPAA-compliant email service and are willing to sign a business associate agreement.Hushmail for Healthcare.VM Racks.NeoCertified.Paubox.MailHippo.Virtru.Atlantic.LuxSci.More items…•

Which items are considered PHI?

The 18 PHI IdentifiersName.Geographic locators.Dates.Fax numbers.Phone numbers.Email id.Social Security numbers.Medical record numbers.More items…•

Is gender considered PHI?

Health information including diagnoses, treatment information, medical test results, and prescription data are thought of as protected health information under HIPAA, as are national identification numbers and demographic details including dates of birth, gender, ethnicity, and contact and emergency contact data.

Is patient name alone considered PHI?

Pursuant to 45 CFR 160.103, PHI is considered individually identifiable health information. A strict interpretation and an “on-the-face-of-it” reading would classify the patient name alone as PHI if it is in any way associated with the hospital.

What information is not included in PHI?

It does not include information contained in educational and employment records, that includes health information maintained by a HIPAA covered entity in its capacity as an employer. PHI is only considered PHI when an individual could be identified from the information.

What data is Phi?

Protected health information (PHI), also referred to as personal health information, generally refers to demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and …

When can you use or disclose PHI?

Generally speaking, covered entities may disclose PHI to anyone a patient wants. They may also use or disclose PHI to notify a family member, personal representative, or someone responsible for the patient’s care of the patient’s location, general condition, or death.

Is it a Hipaa violation to say someone is your patient?

While it may seem harmless if a name is not mentioned, someone may recognize the patient and know the doctor’s specialty, which is a breach of the patient’s privacy. Make sure all employees are aware that the use of social media to share patient information is considered a violation of HIPAA law.

What email is Hipaa compliant?

There are several services you can use to make Gmail HIPAA compliant, including but not limited to: Virtru, RMail, LuxSci, Identillect, and Zix. You can learn more about those here. G Suite is the paid version of Gmail.

What is considered PHI under Hipaa?

Protected Health Information The HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The Privacy Rule calls this information protected health information (PHI)2.

What is the best example of PHI?

Examples of PHI Dates — Including birth, discharge, admittance, and death dates. Biometric identifiers — including finger and voice prints. Full face photographic images and any comparable images.

What are some common identifiers of PHI?

The 18 HIPAA IdentifiersName.Address (all geographic subdivisions smaller than state, including street address, city county, and zip code)All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)Telephone numbers.More items…