PHI – Protected Health Information
PHI, Protected Health Information, is used within HIPAA to describe the type of information that must never be seen by unauthorized individuals.
PHI not only refers to medical information contained in patient files, but also to any note, document or record related to a patient’s treatment, including lab and insurance reports, billing and coding information, appointment times, notes and phone messages. It includes anything that could disclose any information about a patient’s relationship with the practitioner. The laws are becoming more and more broad as to what constitutes PHI.
HIPAA Requirements
- Conduct a risk analysis to determine the vulnerability of electronic protected health information (PHI) to loss or theft, and document that they have done so.
- Create and review policies and procedures for what to do if PHI is lost, stolen, or inappropriately disclosed.
- Train employees on policies, procedures and protocol as it relates to PHI and HIPAA.
- Review contracts with vendors and other “business associates” that have access to PHI to ensure that the vendors have proper safeguards in place to secure patient PHI.
- HIPAA Compliance Solution
SecureMed is your solution to providing secure, on-site document destruction. Our goal is to offer solutions for your organization that lower costs and manage risk.
1. Lower Costs/Increased Employee Productivity
If your office is really destroying everything it should, outsourcing destruction is less expensive than operating an office shredder. Office shredders are slow, inefficient, and require employee time. We make shredding easy and simple, which allows employees the freedom to concentrate on their core job duties. It also eliminates the worry that employees are improperly disposing of confidential documents to avoid spending time hand-feeding the office shredder. SecureMed offers compliance resources that would otherwise cost you hundreds of dollars.
2. Compliance and Risk Management
Hiring a qualified shredding vendor provides your office with a record of compliance. Even if your employees shred everything they should be shredding, you have no proof that it happens regularly. A receipt from a shredding service, called a Certificate of Destruction, gives you a compliance audit trail, which is part of your proof of HIPAA compliance. Ultimately, the advantages of a qualified shredding vendor are that employees are more likely to comply with the destruction program, you have an audit trail to back it up, and it costs less than destroying information yourself.
For more information or for a quote, please contact us by phone or send us a note.