Protected health information – or PHI – is any health-related information that can be tied to an individual or patient and that relates to their past, present, or future health status. Any PHI created, collected, stored, transmitted, or maintained by healthcare providers and companies in the healthcare sector is regulated in the United States under the HIPAA Privacy Rule, part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities such as health care providers, insurers, and their business associates. The legislation also imposes fines when breaches occur because patient PHI data was improperly protected.
The Health Information Technology for Economic and Clinical Health Act (HITECH) increases civil penalties for a violation of HIPAA data security and requires breach notification if PHI data is lost or stolen. Identity theft from stolen PHI data is on the rise, and data breaches continue to impact hospitals, insurance companies, and other healthcare-related enterprises – all while electronic patient records containing PHI data become more common. This could spell disaster for enterprises that are not well prepared.
EncryptRIGHT not only helps protect PHI data with application-level encryption, data masking, and tokenization, but it can also limit the exposure of PHI if a breach occurs – removing the need for notification under HITECH and protecting PHI where it is most at risk.