Explain the principles of PHI.

Explanation should include knowledge of

• individually identifiable health information
• demographic data that can identify the individual’s past, present, or future physical or mental health or condition
• common identifiers (e.g., name, address, birth date, Social Security number)
  
  
• Privacy Rule, which protects all individually identifiable health information held or transmitted by a covered entity or business associate, in any form (i.e., electronic, paper, oral)
• provisions of health care to the individual
• past, present, or future payment for the provision of health care to the person
• individually identifiable health information including many Privacy Rule excludes from PHI employment records that a covered entity maintains related to employer, education, and certain other records per the Family Educational Rights and Privacy Act (FERPA) (https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html Links to an external site.). 
• de-identified health information which has no restrictions on the use or disclosure
• de-identified information which neither identifies nor provides a reasonable basis to identify a person
• two ways to de-identify information
• formal determination by a qualified statistician
• removal of specified identifiers of individual, family members, household members, and employer.

Process/Skill Questions:

• What forms of media are covered under the Privacy Rule?
• Who can release health information?
• How can payment history affect patient care?
• What are the individual identifiers under PHI?
• What is de-identified health information?
• How does one de-identify PHI?