SurgicalPerformance is required by the Health Insurance Portability and Accountability Act (HIPAA, 1996) to ensure the privacy and security of all "Protected Health Information" (PHI) entered by its users. This Policy is intended to guide the rigorous implementation of all relevant HIPAA-mandated requirements.
Protected Health Information (PHI) is any individually identifiable health information that can be linked to a particular person. It includes all information that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment. This information can relate to:
Health information that does not identify an individual or that cannot be used to identify an individual is not PHI, but great rigor is required to confirm that no identifier is present in the dataset. For example, a dataset of vital signs by itself does not constitute Protected Health Information. However, if the vital signs dataset includes medical record numbers, then the entire dataset must be protected since it contains an identifier.
The following data elements have been specifically identified in the regulation as being "identifiers." When a medical record or result contains or is associated with any of these elements, it may be traceable back to the person associated with that record.
Any document or communication containing health information created, received, maintained, or transmitted by or for any of the HIPAA Covered Components is covered by HIPAA if it includes any of these elements:
By design, the PHI data in SurgicalPerformance is limited. The only fields that relate to PHI are:
HIPAA contains both a Privacy Rule and a Security Rule. The two domains are distinct but go hand in hand.
Privacy relates to the right of an individual to control the use of his or her personal information. PHI should not be divulged or used by others without the patient's consent. The HIPAA Privacy Rule covers the confidentiality of PHI in all forms and formats including electronic, paper and oral. Confidentiality is an assurance that the information will be safeguarded from unauthorized use and disclosure.
Security is a mechanism used to protect the privacy of information. The HIPAA Security Rule focuses on administrative, technical and physical safeguards specifically as they relate to electronic PHI (ePHI). Protection of ePHI data from unauthorized access, alteration, loss or destruction, whether external or internal, stored or in transit, is all part of the HIPAA Security Rule.