Guard PHI with Sensitivity

Guard PHI with Sensitivity

Be aware of your surroundings when discussing a patient’s private medical information.

Contrary to the opinion of others, a coder’s job is never boring. We have the privilege of reading provider notes, which are always interesting. Sometimes they’re even funny or absurd. As professionals, however, we must remember that we are working with sensitive information and need to treat it as such. Patients rightly expect the healthcare team to protect their private information. A quick review of HIPAA requirements serves as a good reminder of that, and reinforces our ability to guard patients’ protected health information (PHI).

Confidentiality Is Key when Handling PHI

Best practices for handling patient information and keeping medical record integrity include:

  • Ensuring the data is accurate within the documentation;
  • Preventing unnecessary access to the patient information; and
  • Understanding when it’s appropriate to discuss a patient record with colleagues.

Inappropriate uses of patient information include:

  • Discussing patient information within earshot of other patients or visitors
  • Discussing patient information in public areas (cafeterias, elevators, hallways, etc.)
  • Sharing information with other healthcare associates when not required for duties
  • Accessing information of close relatives or people you know
  • Discussing patient information with those who are not a part of the organization’s healthcare team

Integrity Goes Beyond Compliance

Although incidental exposure to patient information may occur within an organization without serious repercussions, outside exposure must be kept to a minimum to protect patients’ privacy.

The HIPAA Privacy Rule demonstrates times when discussing patient information cannot be avoided and is necessary to the roles of the healthcare team. When disclosure of patient PHI is necessary, there are measures you can take to minimize the exposure. For example:

  • Try not to reveal patient identification information;
  • Keep the discussion to a minimum; and
  • Move to a more private location, if possible.

Handling PHI appropriately goes beyond HIPAA compliance. For example, providers need to know they can count on the coding and health information team to work professionally with patient records. Otherwise, they may be reluctant to work with the team, which can cause communication issues. Misuse of PHI may also cause a loss of revenue for the practice. Patients who feel their personal information is not being kept private or safeguarded may be inclined to seek care elsewhere.

Precautionary Steps to Shield PHI

To instill faith in your patients and providers, take precautions when accessing patient information vital to daily tasks, such as coding, insurance denials, and working within the patient record. For example:

  • Access patient information only when it’s necessary to fulfill job duties;
  • Speak softly when discussing patients among co-workers (which you should only do for job-related purposes); and
  • Use security measures such as passwords on computers, locking mechanisms on paper records, and automatic lock screens on laptops.

It’s Not Just the Law

In addition to meeting requirements under law, there is a moral and ethical standpoint to consider when accessing patient records. Suppose you discover a funny situation in a patient record — for example, due to an amusing situation or a dictation error — and you share that information with other associates. Morally, you should consider this scenario from the patient’s point of view. How would you feel if you were the patient? Would you think sharing the information was acceptable?

Health information professionals must remember that, although you are most often working with medical records, numbers, and dollar amounts, you are also working indirectly with human patients. Consider whether using the patient information is in the patient’s best interest. There will always be a risk when sharing patient information, but you must protect it to the best of your ability. Demonstrating a high level of integrity and respect for patients is the best way to care for them.


Andy Rusch, CPC, is a coding professional for Ministry Health Care in Wisconsin. He graduated in 2012 with an associate degree in Biomedical Informatics and has been working as a coding specialist for the past four years. Rusch is a member of the Wausau, Wisc., local chapter.


Leave a Reply

Your email address will not be published. Required fields are marked *