Under the Health Insurance Portability & Accountability Act (HIPAA), Protected Health Information is any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity. It is not only your past and current health information, but also future information about medical conditions or physical and mental health related to the provision of care or payment for care. The information can be in any form, including physical records, electronic records, or spoken information. Essentially, it includes any health information that can be tied to you, including:
- full or last name and initial
- all geographical identifiers smaller than a state, except for the initial three digits of a zip code
- dates (other than year) directly related to an individual
- phone numbers
- fax numbers
- email addresses
- social security numbers
- medical record numbers
- health insurance beneficiary numbers
- account numbers
- certificate/license numbers
- vehicle identifiers (including serial numbers and license plate numbers)
- device identifiers and serial numbers
- web uniform resource locators (URLs)
- internet protocol (IP) address numbers
- biometric identifiers, including fingerprints, retina & iris patterns and voice prints
- full face photographic images and any comparable images
- any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
How We Use & Disclose Your PHI
Health information generally refers to information about your past or present health status, condition, diagnosis, treatment, prognosis, or payment for health care.
Before we use or disclose your Protected Health Information (PHI), you must give us your written authorization. We may use your or disclose your PHI to:
- Assist in the planning and developing of your Care Plan to ensure the services and care provided will meet your functional needs
- Determine the skills required to provide the services you need (e.g. skilled services such as Nursing, Physiotherapy) or (e.g., non-skilled services such as Personal Care, Respite, Homemaking)
- Refer you to another Service Provider if we are unable to deliver, or do not offer, the services that your health and functional condition(s) require (e.g., 24-hour care, skilled nursing services)
- Refer you to a Medical Professional when specialized services are indicated (e.g., Medical Practitioner, Registered Nurse, Occupational Therapist)
- Report changes in your condition to an appropriate person (e.g., Supervisor, Registered Nurse, Medical Practitioner)
- Determine the service charges for the type(s) of care and services you need
- Obtain payment, where applicable, from your Insurance Plan (e.g., we may need to disclose your diagnosis, treatment and supplies used for billing purposes)
- Contact you by phone, address or other means, which you have provided:
- for operational purposes (e.g., schedule changes, appointment reminders, welfare checks, billing issues)
- to inform you about related benefits, services and treatment options.
- Disclose your medical information to family members or others who are involved in your care or payment for your care.
You may cancel your written authorizations at any time by notifying your assigned CareSphere case manager
Refer to the Notice of Privacy Practices for more details about how we use and disclose your PHI information.
How We Secure Your Protected Health Information
To ensure the confidentiality, integrity, and availability of your Protected Health Information we have implemented physical, technical and administrative security safeguards to protect your PHI against reasonably anticipated threats.
All files are stored in a HIPPA compliant, Encrypted EMR system. Our servers have a strong firewall that is closely monitored by our IT company.
We keep our physical records and electronic devices under lock and key
We implement access controls to limit who can view PHI information and security awareness training
How You Can Access Your Protected Health Information
- You have the right to inspect and/or obtain copies of a broad selection of your PHI including:
- medical records
- billing and payment records
- insurance information
- clinical laboratory test results
- medical images such as X-rays
- wellness & disease management files
- clinical case notes
- There are certain types of PHI that you cannot access including:
- PHI that is not part of your personal record;
- the personal notes made by a mental health care provider a counsellor summarizing a counselling session
- documentation that is expected to be required for legal purposes (e.g., a civil, criminal, or administrative action or proceeding)
- You may submit a request to access your PHI by emailing email@example.com
- We may, at our discretion, verify your identity or the identify of your representative before making this information available. Verification may be done in-person, orally or in writing.
- Your request will be processed as quickly as possible from the time your request is received. The length of time will largely depend on whether the information is provided in person or is sent by certified mail or by electronic means. There may be a fee for providing you with your Protected Health Information (e.g., hardcopies/paper copies, labor, postage).