On today’s medical landscape, protected health information (PHI) is shared instantaneously between doctors and other healthcare providers to improve the continuum of patient care. We’ve come a long way from the time when the first physicians collaborated on how to best care for their patients. Fortunately, some of the principles they lived by continue to guide today’s doctors.
Modern medicine is often traced back to the time of the ancient Greeks and Hippocrates. Medical texts including Of the Epidemics, written around 500 and 400 B.C.E., provide the context of the principle, “first do no harm.”
“The physician must be able to tell the antecedents, know the present, and foretell the future—must mediate these things, and have two special objects in view with regard to disease, namely, to do good or to do no harm.”
It’s not likely that these early doctors would have predicted a future in which patient care often relies on energy passing through cords to machines that pump a heart, provide air to the lungs, and keep track of vital information about patients.
While the time and the landscape on which medicine is practiced has gone through meteoric changes, the basic principles of doing good and doing no harm still guide the practiced hands of physicians. But in today’s world, these principles expand beyond the scope of hands-on patient care. With the use of technology to keep patient records and health history, medical practitioners are also responsible for keeping protected medical information secure.
While healthcare and patient privacy get ever more complicated, training everyone on your urgent care staff about the importance of privacy is key to doing no harm.
When you mix patient identifiable information and health information, you have PHI.
According to the U.S. Department of Health and Human Services (HHS), health information is oral and recorded information created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse that relates to the past, present, or future physical or mental health or condition of any individual, or the past or future payment for the provision of health care to an individual.
Health plan and insurance data
Individually identifiable health information, says HHS, is a subset of health information, including demographic information collected from an individual, and along with the above, identifies the individual or can (reasonably) be used to identify an individual.
One of the key reasons electronic health records are so important to doctors is the ease in which they can be shared between caregivers, but they should never be shared haphazardly. A key protection of the HIPAA Privacy Rule is the minimum necessary standard: “protected health information should not be disclosed when it is not necessary to satisfy a particular purpose or carry out a function.”
Assessing your processes and protocols is an important first step to ensuring you are properly handling PHI. It will allow you to find any areas that need improvement and resolve them.
Extensive training comes next. Everyone in your clinic has a responsibility to upholding HIPAA guidelines, and more importantly, taking good care of your patients’ sensitive information as well as their health.
Sharing PHI on a need-to-know basis is a critical component to staying compliant. This is essential when communicating both outside and inside your clinic. The following ten (simple) tips will help you stay compliant.
Technology plays a vital role on today’s healthcare landscape. As physicians and caregivers, the responsibility to do no harm extends far beyond what Hippocrates and his colleagues could ever have imagined and into the global information network. Tomorrow’s healthcare professionals will look to you and your legacy for guidance as they also assume responsibility for patients far into the future. What they will see is up to you.