Log in
E-mail
Password
Show password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON

STERICYCLE, INC.

(SRCL)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector news

Demystifying Protected Health Information: Understanding What It Is and What it Isn't

07/14/2021 | 05:29pm EDT

July 14, 2021

Demystifying Protected Health Information: Understanding What It Is and What it Isn't

Although Health Insurance Portability and Accountability Act (HIPAA) requirements and rules have been in effect for 25 years, confusion remains around some of the law's components. A frequent area of confusion is how healthcare organizations and other covered entities recognize, share, and safeguard protected health information (PHI). The following sections dig deeper into this topic and offer some compliance strategies to consider for your practice.

rn

What Is PHI?

rn

PHI is any health information that identifies an individual or that can be used to identify an individual, including the presence of any one of the 18 identifiers listed below in combination with identification of a healthcare business or provider. It can relate to:

rn
  • rn
  • A person's past, present, or future physical, health or condition
  • rn
  • The provision of healthcare to the individual
  • rn
  • The past, present, or future payment for the provision of healthcare to the individual
  • rn
rn

When covered entities and their business associates hold or transmit PHI via paper, electronic, and/or oral means, they must keep it both private and secure. In addition, they need to allow unimpeded flow of health information between care providers to enable coordinated, continued care along with quality, cost-effective treatment.

rn

What Are Covered Entities and Business Associates?

rn

In this context, a covered entity includes healthcare providers, health plans, and healthcare clearinghouses. Business associates are any companies that work directly with a covered entity and have access to PHI.

rn

How Do the HIPAA Privacy and Security Rules Relate to PHI?

rn

The HIPAA Privacy Rule establishes national standards for protecting PHI in all forms. It requires covered entities to create and implement a range of policies (upwards of 40 or 50) and sets limits on how PHI can be used or disclosed with and without patient authorization. It also gives patients the right to examine and obtain a copy of their health records and request corrections, among other rights. The HIPAA Security Rule governs electronic PHI specifically, whether it is at rest or in transit. It requires any organization that interacts with the data to establish administrative, physical, and technical safeguards, such as encryption and firewalls, to preserve information confidentiality, integrity, and security.

rn

How Can You Tell if Something Is PHI?

rn

One way to recognize PHI is to look for some combination of the following 18 identifiers:

rn
  1. rn
  2. Patient name
  3. rn
  4. Addresses (other than town, city, state, or zip code)
  5. rn
  6. Dates, other than year, which are directly related to an individual, including birth date, admission date, discharge date, date of death, and so on
  7. rn
  8. Telephone numbers
  9. rn
  10. Fax numbers
  11. rn
  12. Electronic mail addresses
  13. rn
  14. Social security numbers
  15. rn
  16. Medical record numbers
  17. rn
  18. Health plan beneficiary numbers
  19. rn
  20. Account numbers
  21. rn
  22. Certificate/license numbers
  23. rn
  24. Vehicle identifiers and serial numbers, including license plate numbers
  25. rn
  26. Device identifiers and serial numbers
  27. rn
  28. Web Universal Resource Locators (URLs)
  29. rn
  30. Internet Protocol (IP) address numbers
  31. rn
  32. Biometric identifiers, including finger and voice prints
  33. rn
  34. Full face photographic images and any comparable images
  35. rn
  36. Any other unique identifying number, characteristic, or code
  37. rn
rn

The last identifier is a catch-all that encompasses an unlimited number of other identifying characteristics. This leaves room for interpretation when determining whether a piece of information is PHI. Organizations should think carefully about any potential identifiers and make sure to protect information that house these, even if the identifiers fall outside the first 17 categories.

rn

Do All 18 Identifiers Need to Be Present to Categorize the Data as PHI?

rn

Most of the time, only one identifier must be present to consider data PHI. Exceptions are zip codes and birthdates, which require other identifiers to be present. Note that a zip code-birth date combination can be considered PHI, since there is enough information between the two data points to possibly identify an individual.

rn

When I Receive a Request for Patient Information, Should I Send the Patient's Entire Medical Record?

rn

HIPAA strongly encourages covered entities and business associates to make reasonable efforts to use the minimum amount of PHI necessary. For example, an organization may not use, disclose, or request an entire patient medical record unless the entire medical record is specifically justified. Uses or disclosures that involve more information than necessary and that have not been authorized by the patient may qualify as privacy breaches under the Final Omnibus HIPAA privacy rules.

rn

What are the Training Requirements Associated with PHI?

rn

Staff should be trained on how to recognize, safeguard, and secure PHI. Best practice is that organizations offer comprehensive training to new staff during orientation and annual refresher courses to current staff. PHI-specific insights can be woven into overall HIPAA compliance training at any point. Quarterly reminders, tips offered during staff meetings, and articles in company newsletters can also be helpful to ensure staff retain information and apply it to their daily work. Online trainings that staff can access at their convenience can be especially beneficial as these offerings often document training and highlight areas where further instruction is needed.

rn

Learn more on how Stericycle can help you and your staff navigate the nuances of PHI, and help keep your organization secure.

rn'}}' id='text-3a32ce21f2' class='cmp-text'>

Although Health Insurance Portability and Accountability Act (HIPAA) requirements and rules have been in effect for 25 years, confusion remains around some of the law's components. A frequent area of confusion is how healthcare organizations and other covered entities recognize, share, and safeguard protected health information (PHI). The following sections dig deeper into this topic and offer some compliance strategies to consider for your practice.

What Is PHI?

PHI is any health information that identifies an individual or that can be used to identify an individual, including the presence of any one of the 18 identifiers listed below in combination with identification of a healthcare business or provider. It can relate to:

  • A person's past, present, or future physical, health or condition
  • The provision of healthcare to the individual
  • The past, present, or future payment for the provision of healthcare to the individual

When covered entities and their business associates hold or transmit PHI via paper, electronic, and/or oral means, they must keep it both private and secure. In addition, they need to allow unimpeded flow of health information between care providers to enable coordinated, continued care along with quality, cost-effective treatment.

What Are Covered Entities and Business Associates?

In this context, a covered entity includes healthcare providers, health plans, and healthcare clearinghouses. Business associates are any companies that work directly with a covered entity and have access to PHI.

How Do the HIPAA Privacy and Security Rules Relate to PHI?

The HIPAA Privacy Rule establishes national standards for protecting PHI in all forms. It requires covered entities to create and implement a range of policies (upwards of 40 or 50) and sets limits on how PHI can be used or disclosed with and without patient authorization. It also gives patients the right to examine and obtain a copy of their health records and request corrections, among other rights. The HIPAA Security Rule governs electronic PHI specifically, whether it is at rest or in transit. It requires any organization that interacts with the data to establish administrative, physical, and technical safeguards, such as encryption and firewalls, to preserve information confidentiality, integrity, and security.

How Can You Tell if Something Is PHI?

One way to recognize PHI is to look for some combination of the following 18 identifiers:

  1. Patient name
  2. Addresses (other than town, city, state, or zip code)
  3. Dates, other than year, which are directly related to an individual, including birth date, admission date, discharge date, date of death, and so on
  4. Telephone numbers
  5. Fax numbers
  6. Electronic mail addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including finger and voice prints
  17. Full face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code

The last identifier is a catch-all that encompasses an unlimited number of other identifying characteristics. This leaves room for interpretation when determining whether a piece of information is PHI. Organizations should think carefully about any potential identifiers and make sure to protect information that house these, even if the identifiers fall outside the first 17 categories.

Do All 18 Identifiers Need to Be Present to Categorize the Data as PHI?

Most of the time, only one identifier must be present to consider data PHI. Exceptions are zip codes and birthdates, which require other identifiers to be present. Note that a zip code-birth date combination can be considered PHI, since there is enough information between the two data points to possibly identify an individual.

When I Receive a Request for Patient Information, Should I Send the Patient's Entire Medical Record?

HIPAA strongly encourages covered entities and business associates to make reasonable efforts to use the minimum amount of PHI necessary. For example, an organization may not use, disclose, or request an entire patient medical record unless the entire medical record is specifically justified. Uses or disclosures that involve more information than necessary and that have not been authorized by the patient may qualify as privacy breaches under the Final Omnibus HIPAA privacy rules.

What are the Training Requirements Associated with PHI?

Staff should be trained on how to recognize, safeguard, and secure PHI. Best practice is that organizations offer comprehensive training to new staff during orientation and annual refresher courses to current staff. PHI-specific insights can be woven into overall HIPAA compliance training at any point. Quarterly reminders, tips offered during staff meetings, and articles in company newsletters can also be helpful to ensure staff retain information and apply it to their daily work. Online trainings that staff can access at their convenience can be especially beneficial as these offerings often document training and highlight areas where further instruction is needed.

Learn more on how Stericycle can help you and your staff navigate the nuances of PHI, and help keep your organization secure.

Disclaimer

Stericycle Inc. published this content on 14 July 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 14 July 2021 21:28:04 UTC.


ę Publicnow 2021
All news about STERICYCLE, INC.
09/17STERICYCLE : Observing Hispanic Heritage Month | Stericycle
PU
09/08STERICYCLE : Celebrates Custodial Professionals During Environmental Services Week
PU
09/07MEDDROP™ SOLUTION : Sustainability Product of the Year
PU
09/07STERICYCLE : MedDrop™ Solution Earns Sustainability Product of the Year Award from t..
PU
09/03STERICYCLE : Training Industry Honors Stericycle as a 2021 Watch List Company
PU
08/24STERICYCLE : Named a 2021 Watch List Company by Training Industry
PU
08/19STERICYCLE : Engaging Team Members, Customers, and Patients Is Key to Stericycle's Brand P..
PU
08/19STERICYCLE : People Are Stealing Information Out of Trash Cans
PU
08/18SUBPART U : OSHA's New COVID-19 Healthcare Emergency Temporary Standard: 5 Tips to Help Yo..
PU
08/11STERICYCLE : Protecting Health and Well-Being Is Stericycle's Mission
PU
More news
Analyst Recommendations on STERICYCLE, INC.
More recommendations
Financials (USD)
Sales 2021 2 692 M - -
Net income 2021 90,8 M - -
Net Debt 2021 1 546 M - -
P/E ratio 2021 68,3x
Yield 2021 -
Capitalization 6 263 M 6 263 M -
EV / Sales 2021 2,90x
EV / Sales 2022 2,73x
Nbr of Employees 14 700
Free-Float 99,9%
Chart STERICYCLE, INC.
Duration : Period :
Stericycle, Inc. Technical Analysis Chart | SRCL | US8589121081 | MarketScreener
Technical analysis trends STERICYCLE, INC.
Short TermMid-TermLong Term
TrendsNeutralBearishNeutral
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus OUTPERFORM
Number of Analysts 12
Last Close Price 68,14 $
Average target price 76,38 $
Spread / Average Target 12,1%
EPS Revisions
Managers and Directors
Cindy Jayne Miller President, CEO, COO & Director
Janet H. Zelenka EVP, Chief Financial & Information Officer
Robert S. Murley Independent Chairman
Michael S. Weisman Chief Ethics & Compliance Office & Executive VP
Michael S. Zafirovski Independent Director
Sector and Competitors
1st jan.Capi. (M$)
STERICYCLE, INC.-1.66%6 263
WASTE CONNECTIONS, INC.25.83%33 622
SUEZ21.36%14 743
GFL ENVIRONMENTAL INC.26.81%12 149
CHINA CONCH VENTURE HOLDINGS LIMITED-6.76%8 245
CLEANAWAY WASTE MANAGEMENT LIMITED14.47%3 991