How to resolve PII and PHI issues when you distribute reports
When you’re reviewing important reports, keeping the information in them 100 percent secure might not be at the top of your list.
That’s not to say client or patient privacy isn’t important to you. Of course it is.
But on a day-to-day basis, most of your attention is on completing your task with the report. Then, you’ll either cue the next person in your workflow, store the report, or destroy the report.
Maybe you’re handling:
- Purchase orders
- Annual reports
- Earnings reports
- Explanations of payment (EOPs)
- Explanations of benefits (EOBs)
Keep reading to learn about 4 ways you can safeguard PII and PHI in your report and document management processes.
1. Know when you’re handling PII and PHI
In the reports you handle regularly, can you identify exactly which information is PII or PHI?
If you don’t even know what or where it is, you won’t do a very good job at protecting it.
PII like name, email, phone number, and address are considered public. While you shouldn’t share this information with everyone including your grandma, you don’t need to safeguard it as closely as more sensitive PII.
Information considered PHI is a little more broad.
The first step to protecting PII and PHI is knowing where you have it.
2. Address security threats you didn’t realize existed
Moving past environmental hazards and natural disasters, there are many ways PII and PHI could be unnecessarily exposed in your day-to-day routine.
Remember, many of the guidelines for protecting PII and PHI are intentionally vague. The biggest guideline is this: You need to do everything reasonable and appropriate to keep PII and PHI safe.
Regardless of whether the wrong people who see PII and PHI use it for ill, it’s still considered a breach because there is a potential that it could be used for ill.
In your office alone, 6 of the biggest threats to PII and PHI are:
- Prying eyes
- Abandoned computers
- Unattended printers
- Unprotected attachments
- Unlocked filing cabinets
- Poor disposal
For a more in-depth analysis of each of these threats, check out our blog post about 6 of the biggest internal security threats in your report management process—and how you can solve them quickly.
You need to do everything reasonable and appropriate to keep PII and PHI safe.
3. Redact unnecessary PII and PHI
Removing PII and PHI from reports could be the solution you’re looking for.
Here are a few scenarios where redaction could save the day:
- You can’t give every employee a privacy screen and private office to protect PII and PHI from prying eyes. Before employees view any reports, assess which—if any—PII and PHI needs to remain for them to complete their tasks efficiently and accurately. Redact the information they don’t need to see and you’ll also prevent others from seeing it secondhand.
- To verify they’ve received the right invoice, your patients’ invoices display their Social Security number, birthday, and account number. Employees who format and verify the invoices before sending them to patients only need to see the account numbers. You can reduce unnecessary exposure to PHI by temporarily redacting patients’ SSNs and birthdays.
The key to redaction is determining exactly which information is necessary and which information is excess. On first glance, it might seem like employees need to see certain PII and PHI. But maybe that’s just because that’s how they’ve always done it.
More than likely, there will be a learning curve when you start redacting information. It can be disorienting to see black boxes where normal text used to be. But the added security you get is absolutely worth it.
If you want concrete tips on redacting sensitive information like PII and PHI, check out our blog post that outlines what redaction is, why you need it, and how to start it.
The key to redaction is determining exactly which PII and PHI is necessary and which is excess.
4. Change how you distribute reports
Okay, so you . . .
- Know what PII and PHI you handle
- Resolved internal security threats like prying eyes
- Redacted as much data as possible
But you might still be risking private client information.
If your distribution process itself is flawed, no amount of awareness, safeguarding, and redaction will solve the issue.
We’ve talked before about how unreliable mail and email are for document management and distribution.
Once you realize that your report management pipeline itself is putting PII and PHI at risk, you’ll want to find a better way to share documents with clients and other employees.
Instead of trying to fix a flawed system, replace it. Mail and email might never be entirely secure when it comes to safeguarding client PII and PHI. Automating document distribution and management removes the human factor and resolves the biggest security risks native to mail and email.
Mail and email have native security risks that endanger PII and PHI.
Here’s what we’ve learned about resolving PII and PHI issues when you manage reports:
- Know what PII and PHI are in your reports and documents
- Resolve everyday internal security threats
- Redact as much data as possible for each person viewing a report
- Change how you distribute reports
If you’re tired of second-guessing your attempts to protect PII and PHI, check out our free guide on 8 of the best benefits of automating report management.
And don’t forget, you can always use the form in the top right to contact us with any questions you have. We’re happy to help, and we love chatting with people like you!