Difference between revisions of "PHI"
From MgmtWiki
(→Context) |
(→References) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
*As defined in [[FHIR]] Protected Health Information must be protected by [[Secure Node]] interchanges. | *As defined in [[FHIR]] Protected Health Information must be protected by [[Secure Node]] interchanges. | ||
| − | *Note that in some documents this is called Personally Identifiable Healthcare Information | + | *Note that in some documents this is called Personally Identifiable Healthcare Information or Electronic Health Information([[EHI]]). |
| − | |||
==Context== | ==Context== | ||
| Line 8: | Line 7: | ||
Other abbreviations that might be seen include: | Other abbreviations that might be seen include: | ||
| − | # | + | #ePHI for Electronic Protected Health Information: has the meaning set forth in 45 C.F.R. §160.103 of the HIPAA Rules. |
| − | #Electronic Health Information” | + | #EHI for Electronic Health Information” which is any information that identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual and is transmitted by or maintained in electronic media, as defined in 45 CFR 160.103, that relates to the past, present, or future health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. EHI includes information that is accessed, exchanged, used or maintained in the context of the Trusted Exchange Framework and may be developed for an individual, on behalf of an individual, or provided directly from either an individual or from technology that the individual has elected to use. EHI includes but is not limited to ePHI and health information as defined in 45 CFR 160.103. However, unlike ePHI and health information, EHI is not limited to information that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school, university or health care clearinghouse. EHI does not include health information that is de-identified consistent with the requirements |
| − | which there is a reasonable basis to believe the information can be used to identify the individual and is | ||
| − | transmitted by or maintained in electronic media, as defined in 45 CFR 160.103, that relates to the past, present, | ||
| − | or future health or condition of an individual; the provision of health care to an individual; or the past, present, or | ||
| − | future payment for the provision of health care to an individual. EHI includes information that is accessed, | ||
| − | exchanged, used or maintained in the context of the Trusted Exchange Framework and may be developed for an | ||
| − | individual, on behalf of an individual, or provided directly from either an individual or from technology that the | ||
| − | individual has elected to use. EHI includes but is not limited to ePHI and health information as defined in 45 CFR | ||
| − | 160.103. However, unlike ePHI and health information, EHI is not limited to information that is created or received | ||
| − | by a health care provider, health plan, public health authority, employer, life insurer, school, university or health | ||
| − | care clearinghouse. EHI does not include health information that is de-identified consistent with the requirements | ||
==Problems== | ==Problems== | ||
| Line 29: | Line 18: | ||
==References== | ==References== | ||
| − | [[FHIR]] STU3 version of the [http://hl7.org/fhir/secpriv-module.html Security and Privacy Module] has a good overview of protection of health information. | + | * [[FHIR]] STU3 version of the [http://hl7.org/fhir/secpriv-module.html Security and Privacy Module] has a good overview of protection of health information. |
| + | * [https://wiki.idesg.org/wiki/index.php/Health_Care_Profile Health Care Profile] in Kartara IDEF documentation. | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Standard]] | [[Category:Standard]] | ||
[[Category:Privacy]] | [[Category:Privacy]] | ||
| + | [[Category:Health]] | ||
Revision as of 16:28, 1 February 2019
Full Title or Meme
- As defined in FHIR Protected Health Information must be protected by Secure Node interchanges.
- Note that in some documents this is called Personally Identifiable Healthcare Information or Electronic Health Information(EHI).
Context
The context of an FHIR interaction is the transfer of PHI although other transaction could occur of the interchange so established.
Other abbreviations that might be seen include:
- ePHI for Electronic Protected Health Information: has the meaning set forth in 45 C.F.R. §160.103 of the HIPAA Rules.
- EHI for Electronic Health Information” which is any information that identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual and is transmitted by or maintained in electronic media, as defined in 45 CFR 160.103, that relates to the past, present, or future health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. EHI includes information that is accessed, exchanged, used or maintained in the context of the Trusted Exchange Framework and may be developed for an individual, on behalf of an individual, or provided directly from either an individual or from technology that the individual has elected to use. EHI includes but is not limited to ePHI and health information as defined in 45 CFR 160.103. However, unlike ePHI and health information, EHI is not limited to information that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school, university or health care clearinghouse. EHI does not include health information that is de-identified consistent with the requirements
Problems
- FHIR is focused on the data access methods and encoding leveraging existing Security solutions. Security in FHIR needs to focus on the set of considerations required to ensure that data can be discovered, accessed, or altered only in accordance with expectations and policies.
- Privacy in FHIR is focused on the data access methods and encoding leveraging existing Security solutions. Security in FHIR needs to focus on the set of considerations required to ensure that data can be discovered, accessed, or altered only in accordance with expectations and policies.
Solutions
FHIR taken as a whole is designed to securely exchange PHI in a Privacy preserving manner.
References
- FHIR STU3 version of the Security and Privacy Module has a good overview of protection of health information.
- Health Care Profile in Kartara IDEF documentation.
