What is PHI
– PHI stands for Personal Health Information.
– Refers to health information that can be tied to an individual.
– When personal health information is combined with any of the following eighteen identifiers, it is considered PHI.
Healthcare Compliance Drivers
1. HIPAA – Federal regulation requiring protection of Protected Health Information
2. HITRUST – Common Security Framework is used to assess security around PHI or other sensitive data.
3. Customer Requirements – Covered entity or other customer requires validation of security controls through their vendor management program.
4. Internal Audit – Internal directive requiring validation of security controls against an industry-accepted security framework.
The Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act define policies, procedures, and processes that are required for companies that store, process, or handle electronic protected health information (ePHI). A HIPAA / HITECH attestation report demonstrates that an organization has implemented safeguards to protect sensitive ePHI. HIPAA establishes administrative, physical, technical, security and privacy standards that apply to both healthcare providers and business associates.
ControlCase’s HIPAA compliance methodology is derived from industry standards (based on ISO 27001 and 27002) and has evolved over time to represent the collective experience of ControlCase’s security professionals worldwide in the changing security landscape. Our assessment targets specific security elements that are defined, developed and implemented as part of an organization’s security program.