Let’s just start off this blog by saying, we’re not going to solve the legal question here or today. However, it is a very important topic to understand. Here’s my feeble attempt to help covered entities (CEs) and business associates (BAs) think about PHI in a new way.
- PHI at its core is the patient’s data.
- It is to be used to provide healthcare services to the patient, keep them healthy, and prevent medical injury or death.
- The healthcare industry is supposed to make it readily available and easily transportable.
- The healthcare industry is responsible for protecting it from corruption, loss, or theft.
- The doctor’s diagnosis and notes could be considered the doctor’s information; however, if that data is needed for proper patient care, then it really is the patient’s data.
- In short, PHI belongs to the patient, not the provider.
- The covered entity and business associates are the curators of the PHI, charged with protecting it and making it available when needed.
Because covered entities and business associates are legally responsible for protecting PHI and making PHI available when needed, it is EXTREMELY important for them to take steps to do just that: protect it from corruption, loss, or theft. That is what HIPAA compliance is about. Simply do what every well-run business should be doing to protect its customers (or patients).
Protect your patients, protect your practice, protect yourself.
If you want to know where you stand with your HIPAA compliance, take the free HIPAA Quick-Check.
Third Rock would strongly suggest you use a Compliance Management Platform to build the required body of evidence, reduce the workload, increase compliance, simplify electronic reporting, and save money while working to become HIPAA compliant. Check out CompassDB™ at http://compassdb.com/.