HIPAA’s Privacy Rule protects all “individually identifiable health information” held or transmitted by a Covered Entity, no matter what form it is in. HIPAA applies whether a person’s health information is held or disclosed electronically, orally, or in written form.

A person’s health information is often referred to as Protected Health Information (PHI). This covers information that relates to:

  • A person’s past, present or future physical or mental health conditions.
  • Any health care provided to a person (e.g. clinical notes or lab results related to a person’s medical care).
  • Past, present, or future payments related to a person’s health care (e.g. billing records).

In other words, this is information created or stored by healthcare providers, insurers and healthcare providers’ Business Associates.

HIPAA also covers demographic data and any information that can be used to identify a person, such as names, addresses, dates of birth and patient account numbers.

Security and compliance are first and foremost in the management of our clients' systems. After we conducted thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!