Standards for Privacy of Individually Identifiable Health Information
 | Safeguarding Patient Rights United States HIPAA privacy requirements apply nationally to health information created or maintained by healthcare providers who engage in certain electronic transactions involving health plans, and healthcare clearinghouses. The regulation is known as:
|
The Privacy Rule
The Privacy Rule establishes minimum standards and implementation requirements that Covered Entities must follow to ensure the privacy of "protected health information" (PHI). PHI refers to any "individually identifiable health information" that is transmitted or maintained in electronic media or in "any other form or medium," including:
| |  |  |  | Records maintained on computers | Paper records | Information received in conversation |
| | |
|
What is PHI?
PHI is individually identifiable health information, including demographic information, that is "...created or received by a [Covered Entity] and relates to the past, present, or future physical or mental health or condition of an individual, the provision of healthcare, or … payment for the provision of healthcare to an individual."
What are Covered Entities?
Covered Entities are organizations subject to the Privacy Rule including:
- Health Plans - any individual or group plan that provides, or pays the cost of, medical care.
- Healthcare Providers - a provider of medical and other health services, and any person or organization who furnishes, bills, or is paid for healthcare in the normal course of business.
- Healthcare Clearinghouses - Organizations that process healthcare claims or communicate data between providers and payers.
Covered Entities are allowed to disclose PHI to other organizations or individuals to perform functions on their behalf. These Business Associates would not be permitted, under contractual obligation, to use or disclose the PHI in ways that would not be permitted of the Covered Entity itself.
The Philips Focus
Philips Healthcare has a comprehensive, partnership-oriented approach to product security, helping its customers with prevention, response, and compliance issues. To achieve this, we have developed:
- HIPAA training for our technical service staff.
- An accepted, industry-wide Business Associate process.
- Internal processes for handling the receipt and de-identification of patient information.
- Technical solutions for securing the privacy of electronic patient information.
Need to Know More?