EncryptRIGHT Protects Health Information
Healthcare facilities and companies that store and use protected health information, commonly known as PHI, are feeling the pressure to improve their PHI data security. This pressure is caused by four factors:
- Identity theft from PHI is increasing
- Hospitals are experiencing PHI breaches on a regular basis
- An electronic patient record system is quickly becoming a reality
- Breaches can result in significant fines if PHI data is not protected
There are several ways to reduce the risk of exposing PHI to shady individuals. Data encryption is the most secure option you have, and with Prime Factors' EncryptRIGHT®, you can easily encrypt the most sensitive PHI, such as social security numbers, without disrupting operations. EncryptRIGHT includes tokenization, central key management, auditing and compliance reporting, all for one price.
PHI was defined in the Privacy Rule, which was implemented to bolster the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). For the first time, it sets national standards for the protection of certain health information.
The purpose of the Privacy Rule is to define and limit the circumstances in which an individual's protected health information may be used or disclosed by covered entities such as health care providers, insurers and their business associates. New legislation goes a step further by imposing fines when a breach occurs because PHI was not protected properly.
The Health Information Technology for Economic and Clinical Health Act (HITECH) increases civil penalties for a violation of HIPAA, and requires breach notification if PHI is lost or stolen. If PHI is encrypted, breach notification is not required.
PHI generally refers to demographic information, medical history, test and laboratory results, insurance information and other data that is collected by a health care professional to identify an individual and determine appropriate care. According to HIPAA, the following list of 18 identifiers must be treated with special care:
- All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census:
  - The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and
  - The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000
- Dates (other than year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
- Phone numbers
- Fax numbers
- Electronic mail addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)
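
As an added example (not part of the original page and not EncryptRIGHT code), the zip code and date/age exceptions in the list above can be applied to a record as follows. The population table, field names and function names are constructed for illustration; real population figures would come from current Bureau of the Census data.

```python
from datetime import date

# Constructed sample: population of each 3-digit zip prefix (assumption).
# A real deployment would load this from current Bureau of the Census data.
ZIP3_POPULATION = {"100": 1_500_000, "036": 12_000, "945": 800_000}


def generalize_zip(zip_code, populations=ZIP3_POPULATION):
    """Keep the first three digits only if that area has more than 20,000 people."""
    digits = "".join(ch for ch in str(zip_code) if ch.isdigit())
    if len(digits) < 5:
        return "000"  # malformed input: fail closed
    prefix = digits[:3]
    # Unknown prefixes are treated as small areas (fail closed).
    return prefix if populations.get(prefix, 0) > 20_000 else "000"


def age_on(birth, as_of):
    """Whole years elapsed between birth and as_of."""
    before_birthday = (as_of.month, as_of.day) < (birth.month, birth.day)
    return as_of.year - birth.year - before_birthday


def generalize_birth(birth, as_of):
    """Return (birth_year, age_category); ages over 89 are aggregated."""
    age = age_on(birth, as_of)
    if age > 89:
        # The birth year would itself indicate an age over 89, so drop it too.
        return None, "90 or older"
    return birth.year, str(age)


def generalize_record(record, as_of):
    """Apply only the zip and date rules; other identifiers are out of scope."""
    birth_year, age = generalize_birth(record["birth_date"], as_of)
    return {
        "zip3": generalize_zip(record["zip"]),
        "birth_year": birth_year,
        "age": age,
        "admission_year": record["admission_date"].year,  # date reduced to year
    }
```

The remaining identifiers in the list (phone numbers, Social Security numbers, and so on) have no partial form to keep, so this routine leaves them to whatever encryption or tokenization is applied to the full field.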