InfoSec and Privacy ISO Standards

X-ray Image as PHI

  • An X-ray image is PHI.
  • Odds are that an X-ray image is treated as PII. (Many people treat PHI as a subset of PII)
  • Applicable laws and regulations of PII and PHI should be reviewed in terms of jurisdiction

Personally Identifiable Information (PII)

ISO 29100 defines Personally identifiable information (PII) as “any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, from which identification or contact information of an individual person can be derived, or that is or might be directly or indirectly linked to a natural person.”

Protected Health Information (PHI)

ISO/TS 14441:2013 defines protected health information (PHI) as “information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual.”

In a broad sense, it may include any part of a patient’s medical record or payment history.

PHI is information that is created, transmitted, received, or maintained by a covered entity — your dental office — that is related to any of the following:

  • Past, present, or future health or condition of an individual
  • Provision of healthcare to an individual — what you did and what you may do
  • Past, present, or future payment for the provision of healthcare to an individual
  • Yes, ledger entries are PHI and considered part of the chart

These things must be accompanied by an identifier, or PII, like name, address, social security number, email address, or geographic subdivision smaller than a state — like county, parish, or town — as well as many others.

Source: https://www.revenuewell.com/article/dental-hipaa-compliance-pii-phi/


Leave a Reply