Did you know that tens of thousands of patient records were posted to the dark web last year?
According to NBC News, hackers published extensive patient data from different hospitals and medical centers. These files comprised tens of thousands of diagnostic test results and letters to insurers, including the personal information of patients.
In this digital era, you can now access your medical information easily with just one click. Technological advancements have produced many benefits that include easy access to health-related information, communication with health care providers, educating students through digital media, etc.
Along with these benefits, there are some security risks as well. Health care data is private. Nobody wants his medical records to be accessed publicly. It is our utmost responsibility to protect personal health information from third parties at all levels.
Sometimes, sharing medical records is not restricted to medical professionals and patients; records can also be shared with third parties (educational institutions, government) for legal or research purposes.
Therefore, redaction of PHI (Protected Health Information) is necessary, and it is a requirement under the standard privacy rules of HIPAA.
In this article, we will cover HIPAA redaction rules for you. We will also discuss an AI-based tool that you can use to conveniently redact PHI.
PHI Under HIPAA compliance: An overview
The Health Insurance Portability and Accountability Act (HIPAA) is an act that was passed by the U.S. Department of Health and Human Services in 1996 and updated with the HITECH Act in 2009. It provides the rules for the privacy and security of PHI.
All covered entities (Health Providers, Health Plans) and business associates that collect Patient Health Information (PHI) are bound to follow the HIPAA rules. HIPAA ensures that an individual’s health information is secured.
All health information is considered PHI when it includes individual identifiers.
PHI data under HIPAA compliance could be any information in the form of
- Physical data
- Digital data
- Or spoken words.
The breach of such information is considered a HIPAA violation and is a serious crime that results in penalties.
According to the American Medical Association,
“Violation of HIPAA compliance rules results in penalties ranging from min $100 to max $50,000 per violation with an annual max of $25,000 for a repeat violation.”
De-identification/Redaction Rules Under HIPAA
To prevent violations, PHI needs to be redacted before being shared with others. Redaction under HIPAA is covered in the Privacy Rule, which is responsible for regulating the use and disclosure of personal health information.
According to the HIPAA Privacy Rule, it is termed “deidentification,” where you can easily hide one of the 18 identifiers of PHI.
The HIPAA Privacy Rule permits patients and medical professionals to access their medical records for treatment, payment, and health care purposes. But this rule is not applicable to health care organizations only; sometimes health records need to be shared with covered entities. “Covered Entities” include health plans, health care providers, health care clearinghouses, business associates, and health insurers. For example, health insurers can gain access to PHI for billing information with patients' consent, ensuring that PHI is properly protected.
In certain circumstances, covered entities can use and disclose health information without patients' authorization. These are as follows:
- When required by federal law for public health purposes
- When required by law enforcement agencies.
- For clinical research purposes
- Conducting health care operations (quality assurance, compliance monitoring)
- Reporting abuse victims, violence cases.
- Health oversight activities.
- Judicial or administrative matters.
So covered entities are held accountable for proper handling and deidentification of personal information before disclosure. Therefore, redaction is necessary to remove personal health-related information from medical records before sharing them further.
Redaction is a time-consuming process, so many organizations are looking for an efficient HIPAA compliant redaction tool that saves time.
VIDIZMO: As a HIPAA Compliant redaction tool.
With VIDIZMO’s redaction tool, the process is quick and simple. It offers HIPAA compliant PHI redaction software that securely redacts audio/video files using artificial intelligence.
Key features of the VIDIZMO HIPAA compliant redaction tool include:
- Detecting and tracking faces and bodies, and redacting them automatically using artificial intelligence.
- Blurring objects in images, muting audio segments, and hiding specific texts containing personal health information.
- Hiding sensitive personal health information appearing in videos such as names, medical records, full-face photos, etc.
- Redact multiple files simultaneously.
- Audio/Video redaction with manual redaction capabilities.
- VIDIZMO offers much more than redaction software. It has an IDC-recognized Digital Evidence Management System* with a chain of custody, transcription, translation, and secure sharing features. It also offers a HIPAA-Compliant Video Platform with various security features to protect PHI.
We offer much more... See all features offered in VIDIZMO video redaction software.
If you want to buy our product, there are three ways to do so:
Standalone Redaction Tool: VIDIZMO offers simple software to upload files and quickly redact them. With the VIDIZMO HIPAA compliant redaction tool, the process is simple and fast. All you need to do is upload audio/video files. Our AI (Artificial Intelligence) will detect all appearing faces and objects; select the ones you want to redact, and they will be blurred throughout the video.
Video Content Management System: We have a Gartner-recognized Video Content Management platform with multiple features that enable end-to-end video management and streaming. You can upload videos and manage them securely here. Learn more about EnterpriseTube.
Digital Evidence Management System: You can opt for our IDC-recognized Digital Evidence Management System* that enables law enforcement agencies and other organizations to store, manage, and share digital evidence collected at crime scenes through various sources like dashcams, body-worn cameras, drones, and CCTV cameras while ensuring the highest level of compliance with CJIS and FedRAMP.
All three options are available as SaaS, or you can deploy in Azure Commercial/Government cloud or your on-premises datacenter.
Do check out our detailed guide on redaction to understand the requirements under other compliance regimes, the tools available, and more.
*This is about the document: IDC MarketScape: Worldwide Digital Evidence Management Solutions for Law Enforcement 2020 Vendor Assessment, #US44848219e, November 2020.