Could you please briefly explain what HIPAA laws, PII and PHI are? Many students in this class are not familiar with this terminology. Thanks!
The following terms are important if you plan to work on evaluations related to people, especially health-related data. Most large organizations require you to take a training course or refresher related to the latest HIPAA Laws, how to properly manage data, how to protect it, and usually you are required to complete varying levels of background checks or clearances. Usually these same organizations require some level of CMMI training as well.
Health Care and DATA Terminology
The Capability Maturity Model Integration, or CMMI, is a process model that provides a clear definition of what an organization should do to promote behaviors that lead to improved performance.
HIPAA Laws are governed by the United States Government, though many countries have similar laws. The specific terms I am referencing define how personal information may be identified, used, referenced, and shared, and how it must be protected. These include terms, provisions, and national standards for unique health identifiers and security.
“To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191.” (HHS 2016).
PHI or Protected Health Information
Protected health information (PHI) under US law is any information about health status, provision of health care, or payment for health care that is created or collected by a “Covered Entity” (or a Business Associate of a Covered Entity), and can be linked to a specific individual.
PII or Personally Identifiable Information
Per the Executive Office of the President, Office of Management and Budget (OMB) and the U.S. Department of Commerce, Office of the Chief Information Officer, “The term “personally identifiable information” (or PII) refers to information which can be used to distinguish or trace an individual’s identity, such as their name, Social Security Number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.”
California Senate Bill SB 1386: “personal information” means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
- Social Security Number
- Driver’s license number or California Identification Card number
- Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
References
- HHS (2016). U.S. Department of Health & Human Services. http://www.hhs.gov/hipaa/ or http://www.hhs.gov/hipaa/for-professionals/index.html
- Wikipedia (2016). Protected Health Information. Wikipedia. https://en.wikipedia.org/wiki/Protected_health_information
- iDash (2016). PHI and PII Definition and Data Elements. National Institutes of Health. https://idash.ucsd.edu/phi-and-pii-definition-and-data-elements
- CMMI Institute (2016). http://cmmiinstitute.com/
- Broadsword Solutions (2016). http://www.broadswordsolutions.com/what-is-cmmi/