PROTECTING PATIENT PRIVACY
The HIPAA Safe Harbor Provision is a section under the Privacy Rule. This privacy rule protects privacy and protects the patient’s information from any possible use or disclosure. The safe harbor involves the de-identification of PHI. De-identification is where particular information of a patient is removed and then used with the combination of other information in identifying and recognizing particular patients. This paper will define the terms used in HIPPA Safe Harbor Provision as well as describing the provision.
Protected Health Information (PHI) is any information that can identify a patient and has been transmitted through oral communication, electronic paper, and through the media. The HIPPA Privacy rule enables the protection of information related to the identification of the patient (Drolet, Marwaha, Hyatt, Blazar & Lifchez, 2017). The information that can be used to identify the patient and is defined under the rule it includes demographic information which is related to the future, present and past mental or physical health condition of the patient.
“There must be a level of governance in place to ensure that the data will not be analyzed or used to discriminate against or stigmatize the participants or certain groups” (Moore & Frye, 2019). This information could either be electronically created, transmitted, maintained, or received by any health facility or business associate. Health care provided to the individual in the hospital or at home. Payment is done today, in the future or in the past to provide good health care to that patient.
If there exists evidence to show that the information can be used to identify the individual is also protected under this rule. Information that can lead to the identification of an individual also includes his name (on the name or both names), Address, date of birth, date of admission and the date of discharge, Marital status, Drivers license, Telephone, and Fax number and social security number. The inclusion of dates and their geographic information is necessary.
Temporal and geospatial information risk removal under the safe harbor hence reducing its significance during the identification. “It is impossible to include dates when adverse events occur” (Cohen & Mello, 2018). Given the challenges experienced for de-identification through Safe Harbor. The rule provides an alternate form of professional determination method. The method requires that de-identification is based on commonly accepted scientific and statistical principles for the execution of information that is easily identifiable.
The risk involved in de-identification needs to be at a minimal level whereas the information by a possible recipient. The information which is said to be of PHI its disclosure and use is limited by the rule. The removal of particular patient identifiers such as relatives, household individuals, and employers are termed to be de-identification. “If there exist any unique number a code or a characteristic it should be removed from the data set” (Garfinkel, 2016). If the information is not removed it is considered as part of persona health information. However, if the information is removed the data must be encrypted.
The de-identification process is satisfied according to the safe harbor provisions if only the patient has no knowledge of the information that has been left behind can be used in his identification. The de-identified information seizes to be protected health information thus no restriction should be placed in its disclosure or its use. The safe harbor provisions provide guidelines for the protection of the covered individual patient (Cohen & Mello, 2018). There is a need to follow the set guidelines as well as the provisions set to enable health care organizations to carry out their operations.
References
Cohen, I. G., & Mello, M. M. (2018). HIPAA and protecting health information in the 21st century. Jama, 320(3), 231-232.
Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic communication of protected health information: privacy, security, and HIPAA compliance. The Journal of hand surgery, 42(6), 411-416.
Garfinkel, S. (2016). De-Identifying Government Datasets (2nd Draft) (No. NIST Special Publication (SP) 800-188 (Draft)). National Institute of Standards and Technology.
Moore, W., & Frye, S. (2019). Review of HIPAA, part 1: history, protected health information, and privacy and security rules. Journal of nuclear medicine technology, 47(4), 269-272.