PHI Part 1

51 minutes
Video Transcription
Hello and welcome to Cybrary's Intermediate Data Security Course, PHI. I'll be your instructor, Dustin Perry. In today's video, we're going to discuss what PHI is and go over a little bit about your health and your rights. So let's get started.
PHI, or protected health information, sometimes referred to as private or personal health information, includes most information about someone's personal health,
things like demographic information, medical history tests,
lab results, mental health conditions, insurance information and really any other data that a health care provider collects to help identify a person and determine the appropriate care.
Under the Health Insurance Portability and Accountability Act, or HIPAA, of 1996 and revisions to HIPAA in the 2009 Health Information Technology for Economic and Clinical Health,
or HITECH, Act, covered entities include healthcare providers, insurers and their business associates.
And these entities are limited in the types of PHI they can collect from individuals, share with other organizations or use in marketing.
In addition, organizations must provide protected health information to patients if requested.
Beyond its use to patients and health care professionals, it's also really valuable to clinical and scientific researchers when anonymized.
For hackers, PHI is a treasure trove of personal consumer information that, when stolen, can be sold elsewhere, held hostage to ransomware or used to steal someone's identity.
By its very nature, healthcare deals with sensitive details about a patient, including birthdate, medical conditions and health insurance claims.
While it used to be stored in paper-based records, now typically these are stored as electronic health records, known as an EHR, and from there stored in an EHR system.
PHI explains a patient's medical history, including any ailments, various treatments and outcomes.
From the moment you were born, you had your PHI entered into an EHR system, including your date of birth, any measurements like height, length, weight, body temperatures and any issues you may have had during delivery.
Every time you went to the doctor for a vaccination, a cold, a broken bone, all that information is tracked in an EHR system,
and this helps doctors and other professionals in the healthcare field during future visits. All this information about you, from the time you were born until the time you pass, is kept in an EHR system.
As you can imagine, this information is typically a huge target for hackers, whether it's gathering the information for other purposes, like stealing identities, accessing medical records for targeted attacks, getting medications. It's also targeted by hackers because it's so valuable to the health care groups themselves.
Typically, hospitals and other health care organizations have old and outdated systems, and these systems are extremely vulnerable to ransomware and other attacks.
With this information encrypted, it's very important for hospitals and healthcare organizations to get the data back,
which allows the ransomware creators and attackers to charge large amounts of money
in order to get that information back.
Another use for PHI is research. Typically this data will be stripped of any identifying features like names, socials, birthdates, then submitted anonymously to large databases of patient information.
This data can be used for health management and value based care programs.
Most of us believe that our medical records and other health information is private and should be protected,
and we want to know who has this information.
The privacy rule, which is a federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information.
The privacy rule applies to all forms of individuals' protected health information, whether that's electronic, written or even oral. The security rule is a federal law that requires security for health information in electronic form.
Covered entities for the security rule include health plans, and that's things like health insurance companies, HMOs, company health plans and even certain government programs that pay for health care like Medicare or Medicaid.
Most health care providers are also covered, those that conduct certain business electronically, like electronically billing your health insurance. This includes most doctors, clinics, hospitals, psychologists,
chiropractors, nursing homes, pharmacies and dentists.
It also covers health care clearinghouses, which are entities that process nonstandard health information they receive from another entity into a standard electronic format, typically, or vice versa. In addition, business associates of covered entities must follow parts of the HIPAA regulations.
Often contractors, subcontractors and other outside persons and companies that are not employees of a covered entity will need to have access to your health information when providing services to that covered entity.
We call these entities, typically, business associates, and some examples of business associates include companies that help your doctors get paid for providing health care, like billing companies, companies that process health care claims,
companies that help administer health plans.
Some people like outside lawyers, accountants, IT specialists. So even if you are in IT, you may run into HIPAA data all the time, depending on where you work.
So here's a quick quiz question. It kind of gets you thinking more about PHI. Why do you think hackers like to target PHI?
Yeah, what could someone do with your PHI?
The first thing that comes to mind for me is it's really the perfect information to steal someone's identity.
If that's not the attacker's goal, maybe they want to target you specifically for another attack, a social engineering attack.
They can gain inside information to generate a phishing email
really tailored specifically to you and almost guaranteed to work every time.
Another reason hackers like to target PHI is, typically, hospitals and other healthcare organizations have old and outdated systems. It's pretty easy, which they're extremely vulnerable to ransomware.
With this information encrypted, it's very important for hospitals and healthcare organizations to try and get that data back, which allows the attackers to charge pretty much whatever they want and usually make a lot of money.
So in today's video, we discussed briefly PHI, what it is, and we went over your health and some of the rights that you have in regards to your PHI data.