PHI is health information that contains one or more of the following identifiers:
a. Names of individuals and relatives
b. Postal addresses
c. All elements of dates, like birthdates
d. Telephone and fax numbers
e. E-mail addresses
f. Social Security and Medicare numbers
g. Medical Record numbers
h. Account numbers
HIPAA regulations define the standards required for securing PHI.
a. Administrative safeguards refer to policies and procedures created to manage and maintain security measures to protect protected health information.
b. Minimize the risk of unauthorized access to PHI by following physical security practices in a workplace.
c. Keep PHI out of clear view from the public (desks, copiers/fax machines) and stored in secure areas.
d. Dispose of documents and electronic media containing PHI in secured containers or by shredding.
e. Physically secure a laptop and other mobile equipment in locked drawers or by other appropriate means.
f. Never leave a laptop or smart phone unattended in a car or when traveling. Treat a laptop or smart phone like cash.
g. Keep office doors and cabinets containing PHI locked.
h. Do not allow anyone to follow you into a secure location.
i. Only discuss PHI in private settings to avoid eavesdropping.
j. When accessing, storing, and/or transmitting PHI on computers, smart phones, USB drives, and other electronic devices, follow procedures related to:
i. Accessing only secured networks.
ii. Encrypting e-mail and files containing PHI.
iii. Using strong passwords.
iv. Avoiding sending PHI in the clear (to a public email boxes like Gmail, MSN, Verizon).