What is PII (HIPAA protected) information and what's not!?

You know you have to be HIPAA compliant, but what information do you need to protect? Can you have just a first name & last name initial? NO!! Check out this detailed list of what needs to be protected and what doesn't - and help maintain vital HIPAA compliance!!

Published in: Technology

Transcript

  • 1. What is PII (personally identifiable information) and what isn’t?

    According to the U.S. Office of Management and Budget, PII – or personally identifiable information – is any information that can be used to uniquely identify, contact or locate an individual, or can be used with other sources to uniquely identify a person. Sensitive PII is that which, when disclosed, could result in harm to the individual whose name or identity is linked to the information.

    In determining whether or not PII is sensitive (and therefore subject to HIPAA laws of privacy), the context in which the information is used must be taken into consideration. For example, a list of subscribers to a government newsletter is not PII; a list of people receiving treatment for mental health disorders is.

    As well as the consideration of context, the association of PII elements can create the need for protection: for example, an individual’s name would be considered sensitive PII when grouped with their mother’s maiden name and date of birth, but these elements wouldn’t be considered sensitive independent of one another.

    The following types of PII are considered sensitive when they are associated with an individual and must be protected when electronically submitted:

      • Place of birth
      • Date of birth
      • Mother’s maiden name
      • Biometric information (identification of humans by their characteristics or traits)
      • Medical information
      • Personal financial information
      • Credit card or purchase card account numbers
      • Passport numbers

    “87% of the US population can be uniquely identified using only gender, date of birth and zip code.”

    Your flexible, comprehensive EHR solution! www.pimsyemr.com hello@pimsyemr.com 877.334.8512
  • 2. What is considered sensitive PII and what isn’t?

      • Potentially sensitive employment information, such as disciplinary actions or personnel ratings
      • Criminal history
      • Any information that may stigmatize or adversely affect a person

    (This list is not exhaustive, and other data may be sensitive depending on specific circumstances.)

    Social security numbers (SSNs), including abbreviated SSNs that utilize only the last four digits, are considered sensitive regardless of whether or not they’re associated with an individual.

    The following types of PII may be transmitted electronically without protection because they are not considered sufficiently sensitive to require protection:

      • Work, home, and cell phone numbers
      • Work and home addresses
      • Work and personal email addresses
      • Resumes that don’t contain a SSN or where the SSN is obscured
      • General background information about individuals found in resumes and biographies
      • Position descriptions and performance plans without ratings

    “HIPAA and HITECH enable fines of up to $1.5 million per year for a breach of healthcare records.”

    The determination that PII is non-sensitive does not mean that it is publicly releasable. The choice to publicly release any information can only be made by the official authorized to make such decisions.

    The electronic transmission of non-sensitive PII is equivalent to transmitting the same information via U.S. mail, a private delivery service, courier, fax or voice. Although each of these deliveries has vulnerabilities, the transmitted information can only be compromised as a result of theft, fraud, or other illegal activity.