PHI and HIPAA
Compliance

Introduction

Protected Health Information (PHI) and HIPAA Compliance

Every business that is part of the U.S. healthcare industry must comply with Federal standards regulating sensitive and private patient information. In addition to protecting worker health insurance coverage, the Health Insurance Portability and Accountability Act (HIPAA) sets forth standards for protecting the integrity, confidentiality, and availability of electronic health information.

While no single product or solution can make an organization HIPAA compliant, the Mikroscan telemicroscopy solution can help organizations meet HIPAA guidelines for the privacy and security of remote access to healthcare information and can be used within a larger system to support HIPAA Compliance.

Although HIPAA compliance per se is applicable only to entities covered by HIPAA regulations (e.g., healthcare organizations), the technical security controls employed in our solutions meet

various HIPAA technical standards. Furthermore, the administrative configuration and control features provided by these products support healthcare organization compliance with the

Administrative and Physical Safeguards sections of the final HIPAA Security Rules.

Definitions: (Ref: 45 CFR 160.103)

Learn More About Our Vision

HIPAA

The Health Information Profitability and Accountability Act of 1996 (HIPAA) represents a federal law which prevents a health care provider from releasing individually identifiable PHI (protected health information) without the consent of an individual. The purpose of HIPAA is to protect the confidentiality, integrity and the availability of electronic protected health information (EPHI) when stored, maintained or transmitted.

Covered Entity

Covered Entity means:

(1) A health plan.

(2) A health care clearinghouse.

(3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter.

Health Care Clearinghouse

Health care clearinghouse means a public or private entity, including a billing service, repricing company, community health management information system or community health information system, and ‘‘value-added’’ networks and switches, that processes or facilitates the processing of health information received from another entity.

Business Associate

Business associate means, with respect to a covered entity, a person who performs, or assists in the performance of a function or activity involving the use or disclosure of individually identifiable health information.

Protected Health Information (PHI)

PHI means any information, whether oral or recorded in any form or medium that is (a) individually identifiable information, and (b) related to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provisions of health care to an individual. Individually identifiable information includes the individual’s:

Name

Address

Telephone and Fax Numbers

Electronic Email Addresses

Date of Birth

Social Security Number

Medical record numbers

Health plan beneficiary numbers

Account numbers

Certificate/license numbers

Vehicle identifiers and serial numbers, including license plate numbers

Device identifiers and serial numbers

Web Universal Resource Locators (URLs)

Internet Protocol (IP) address numbers

Biometric identifiers

Finger and voice prints

Full face photographic images and any comparable images

Any other information that can be used to identify the individual

Policy and Recommendations

Mikroscan is not a covered entity or a business associate of a covered entity. However, covered entities use Mikroscan-manufactured devices, systems, and software to enable the covered entity to transmit health information in electronic form.

Depending on the policies and procedures of the Health Care Provider, slide images that are scanned by the Mikroscan system may contain Protected Health Information. It is the responsibility of the Health Care Provider to ensure adequate security of this electronic information following HIPAA regulations and any other applicable requirements.

In the normal course of business, Mikroscan does not typically receive PHI. However, if Mikroscan receives suspected PHI from a covered entity, Mikroscan will:

(a) contact the sender to request direction on the actions to address all
possible PHI, and take action accordingly.

(b) not copy or record any of the materials received, either physical or electronic copies, until the PHI is redacted (removed or eliminated).

Remote connectivity to the Mikroscan system uses Splashtop software. For details on how Splashtop software addresses HIPAA compliance, please visit: www.splashtop.com/compliance

Request an online demo