Do you think your doctor keeps your medical information on a computer? Forty percent of Americans think so, but only five percent of doctors actually do.
What Is PHI?
Personal health information can be in paper, fax or electronic form. When in electronic form it is called Electronic Personal Health Information or EPHI. EPHI or patient data is typically used for billing purposes usually transmitted electronically to those paying your bills, such as your health plan, although the company may request paper documents in support of the bill. Information is often identified by your name, patient identification number, address, phone number, and social security number.
Your health plan receives your health information through the claims provided by patient accounts/billing departments at your healthcare facility. The coded data is then evaluated automatically then they will identify appropriate payment for the services your received. Your health plan may ask your provider for more information to validate payment if the claim submitted were not complete enough to support what was being billed for.
How Are My Health Records Managed?
Most healthcare providers still manage health care records in paper form. The healthcare industry and the federal government are working to improve healthcare through use of information technology. This is done through the Electronic Health Record (EHR) and a system that would allow EHRs to be shared across healthcare systems and providers. But this may take at least 10 years to create, and even then, it won't replace your personal health record.
Can My EPHI Be Sent Through Email?
Email can be used to transmit information, as long as organizations have made the email secure by protecting the EPHI, such as encryption and decryption, which protects the email from unwanted access or tampering.
Your health plan must also put into place security standards to protect your EHPI. Some EPHI can be transmitted over the internet through security "portals" or virtual private networks. These technologies allow large amounts of data containing EPHI to be delivered from many different entities in the healthcare delivery network. Encryption and decryption, secure access and authentication and even direct connections are enabled to keep your EPHI as secure as possible.
What About Medicare?
Medicare EPHI cannot be transmitted over the internet. The Medicare Payment System consists of direct connections into the system that are set up with great care.
What About The Privacy Of My EPHI?
EPHI is protected under The Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA included provisions designed to encourage electronic transactions and also required new safeguards to protect the security and confidentiality of health information. They were the first ever privacy standards to protect patient's medical records and other health information provided to health plans, doctors, hospitals and other providers that took affect April 14, 2003. They represent a uniform, federal floor of privacy protections for consumers across the country.
HIPAA sets limits on how health plans and providers may use EPHI to promote the best quality of care for patients. The rule does not restrict the ability of doctors, nurses and other providers to share information needed to treat their patients. Under HIPAA you can receive notice that tells you how your health information may be used and shared.
Bottom Line...
Your electronic protected health information shared by your doctors, hospitals and health plans must be protected for better patient care. Whether you are receiving an email from the doctor containing your EPHI or your EPHI data is shared with your health plan, there are stringent safeguards to keep it private.
For More Information
Doctors have formed a site to help you with understanding your medical information and records at www.myphr.com and please visit www.hhs.gov/news/facts/privacy.html at the Department of Health and Human Services, Center for Medicare/Medicaid Services.