The goal of this lesson is for you to become familiar with the criteria for determining whether data should be considered Protected Health Information (PHI) and with concepts related to data encryption.
Determining what is or isn’t PHI is critical to HIPAA compliance. Some data elements are considered Direct Identifiers (such as SSN or member ID), while others are considered Indirect Identifiers (such as date of birth). Using proper approaches to handling PHI, including data encryption methods, is an important part of how PHI is kept secure.
The Big Topics in This Lesson
1- Indirect vs Direct Identifiers
The information under this topic covers the different types of data elements that are considered Protected Health Information (PHI).
2- Data Encryption
The information under this topic focuses on understanding what data encryption is and why it is important for HIPAA compliance.
3- Other Laws Besides HIPAA
The information under this topic focuses on awareness of other laws besides HIPAA that govern the use of Protected Health Information.
Lesson Q & A
In order to know how to handle data correctly, organizational team members need to be able to understand a spectrum of health information in terms of how easily it can be used to identify a specific individual. There are 3 main types of healthcare data:
- Data that cannot be used to identify individuals, even in combination with other data – this type of information would be aggregated at so high a level as to make personal identification impossible. Example: the number of people with an HIV diagnosis by city (assuming the city population was not very small).
- Data that cannot be used to identify individuals by itself, but could be used to do so when combined with other data – these types of data include what are called Indirect Identifiers such as date of birth, zip code, date of service, etc. HIPAA refers to these as a “Limited Data Set.” Limited Data Sets are considered PHI.
- Data that contain Direct Identifiers, such as name, SSN, insurance policy numbers, etc. These are considered PHI.
Encryption makes data on computers and other electronic devices unreadable or “scrambled”. There are tools that use different algorithms to create encrypted versions of values such as SSN or member ID while still allowing the encrypted ID to be used to report on unique members. Encryption can be done at the field level or the file transfer level.
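One way to get the behaviour described above, where a protected member ID can still be used to report on unique members, is a keyed hash applied at the field level. This is an added example, not part of the original lesson; it uses HMAC-SHA256 (keyed hashing, which is one-way) rather than reversible encryption, and the sample rows, key handling and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample rows: (member_id, date_of_service). Not real data.
CLAIMS = [
    ("M-1001", "2023-01-05"),
    ("m-1001 ", "2023-02-11"),  # same member, inconsistent formatting
    ("M-2002", "2023-01-20"),
    ("M-3003", "2023-03-02"),
    ("M-2002", "2023-03-15"),
]


def normalize(member_id: str) -> str:
    """Canonicalize the ID so formatting differences do not split one member in two."""
    return member_id.strip().upper()


def pseudonymize(member_id: str, key: bytes) -> str:
    """Replace a Direct Identifier with a keyed, deterministic token.

    A plain unkeyed hash is not enough for values like SSN: the set of possible
    inputs is small enough to hash exhaustively and match against the output.
    The secret key is what prevents that, so it must be stored apart from the data.
    """
    mac = hmac.new(key, normalize(member_id).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


def protect_rows(rows, key: bytes):
    """Field-level protection: only the member ID column is transformed.

    Date of service is an Indirect Identifier, so the output is still PHI.
    """
    return [(pseudonymize(member_id, key), dos) for member_id, dos in rows]


def unique_members(protected_rows) -> int:
    """Count distinct members using only the tokens, never the raw IDs."""
    return len({token for token, _ in protected_rows})


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: in practice, loaded from a key store
    protected = protect_rows(CLAIMS, key)
    print("rows:", len(protected), "unique members:", unique_members(protected))
```

Protecting the file at the transfer level is a separate step and would be applied on top of this, since the remaining columns are still PHI.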
New Terms from this lesson:
- Limited Data Set – a data set that is considered PHI, but only contains Indirect Identifiers
- Indirect Identifiers – data elements that on their own cannot identify a person, but could when combined with other information (such as date of birth or 5-digit zip)
- Direct Identifiers – data elements that directly identify a person, such as SSN, name or member ID