PHI Basics
This law protects patient health information
Before disclosing PHI, you must confirm at least this many identifiers.
UPMC: 4
Legally:2
Calling a patient to remind them of an appointment is allowed, but you must avoid including this detail.
Specialist or Diagnosis
Lock/Log out
True or False: Supervisors may listen to calls containing PHI for quality assurance
True
Name 2 examples of PHI
DOB/Address/SSN/Medical ID number, Phone Number
True or False: A patient's SSN by itself is enough to verify identity
False
PHI can only be emailed this way
Leaving PHI on your desk in plain sight is a violation of this
Physical Safeguards (HIPAA)
A member requests their call recordings. Do they have the right to them?
Yes, if they contain PHI
PHI includes this type of audio content if it contains patient identifiers
Call recordings
A spouse is the Head of household but not on the HIPAA form. Can they receive PHI?
NO
Posting about a member on social media without identifiers is still a violation if this is implied.
Diagnosis or condition
Using speakerphone in a shared office risks this
unauthorized disclosure of PHI
A coworker asks you to pull up their neighbor's record out of curiosity. You should respond:
No, that is a HIPAA violation
This type of individual can access a patient's PHI if legally authorized, such as power of attorney or court order.
Personal representative
under HIPAA, providers can share PHI with family or friends only if this condition is met
This HIPAA safeguard includes passwords, encryption and secure logins
Technical safeguards
If a member refuses to verify their identity but demands PHI, the correct action is this.
Politely refuse disclosure and explain verification is required under HIPAA