What is Protected Health Information:

Any information concerning a person’s health state, the delivery of healthcare, or the payment for healthcare that was generated or gathered by a covered entity is considered protected health information (PHI). It is also known as personal health information because it is the information a healthcare professional gathers to identify a patient and determine the most appropriate course of treatment, including demographic data, medical histories, test and laboratory results, mental health conditions, insurance information, etc.

According to healthcare professionals, protected health information is made up of 18 separate information identifiers when combined with health information. Some of these identifiers can be used alone to locate, contact, or identify a person. Others identify a person only when merged with additional data. Some specific examples that qualify as PHI are as follows: patient name, patient address, date of birth, phone number, email address, social security number (if any), medical record number, health plan beneficiary number, account number, certificate or license number, vehicle identifiers such as serial numbers or license plate numbers, website URL, internet protocol (IP) address, biometric IDs such as a fingerprint or voice print, full-face photographs or other photos of identifying characteristics, and any other unique identifying characteristic.

Protected Health Information does not include:

(1) Educational records

(2) Employment data retained by a covered organization in its capacity as an employer

(3) Records pertaining to an individual who has been deceased for more than 50 years.

If you’re selling healthcare goods and services, make sure your marketing agency acquires the data you need to communicate with potential customers in a manner that complies with the Health Insurance Portability and Accountability Act (HIPAA). The Privacy and Security Rules explicitly address the proper use of patient data, so failing to comprehend the compliance requirements might unintentionally subject your agency to penalties. HIPAA does not consider all communications from healthcare practitioners to be marketing, though. A communication is not marketing when medical professionals are only informing patients about a good or service that is already covered by their insurance.

Protected health information may not be sold by a covered entity to a business partner or other third party for the benefit of the third party. Furthermore, without getting consent from each individual on the list, businesses are not permitted to sell lists of patients or enrollees to third parties. For instance, the HIPAA Privacy Rule does not allow a health company to sell a list of its members to a firm that sells blood glucose monitors so that pamphlets on the benefits of acquiring and utilizing the monitors can be sent to those members.

Communicating clearly about an ongoing treatment strategy is not “marketing.” A healthcare professional’s suggestion of an alternative course of therapy at any stage throughout a patient’s course of treatment, including switching to different goods or services, is also exempt from marketing regulations. The law regards such recommendations as legitimate acts of care that are made with the patient’s wellbeing in mind.
