Prevent PHI from Falling into the Wrong Hands

The British are coming! The British are coming!

This isn't a blog about the Battles of Lexington and Concord with Paul Revere’s famous quote… but this is equally as important as that fateful night.

The British, Chinese, Iranians, Russians, eastern Europeans—and probably the US government too—are all coming to a database near you.  They are systematically gathering data about all of us.  No bit of data is too small because it could be a critical piece of the puzzle that connects all of the seemingly unimportant information they’ve already collected on you.  Imagine creating a digital picture of you, one pixel at a time.  Get it?  No wait, they’ve got it.

As defined by US law and, protected health information (PHI) includes any information about health status, provision of health care, or payment for health care that is collected or created by a covered entity and can be linked to a certain individual. U.S. Department of Health & Human Services

A breach of PHI can cause you expensive litigation, large fines, and a damaged reputation. The most common cause of PHI breach is theft or loss of unencrypted portable computing devices and digital media (laptops, tablets, mobile, USB drives, CDs). Clear Data, Information Security

We are all in an arms race.  Every time you strengthen your data defenses the thieves think of new ways to penetrate them.  One of the best defenses against a PHI breach: strong common sense.

Don’t use PHI if you don’t have to.  And don’t store/save it if you don’t need to.  If the PHI isn’t out in the world of Big Data, it can’t be stolen.

Lesson #1
Think Medical Research PHI

Let’s assume you need to save dozens of files of important documents and records (i.e. medical records) and let’s also assume they contain bits of sensitive information that are superfluous.  Consider deleting or redacting just the sensitive information. 

Generally speaking, medical researchers don’t need the patient’s name.  If patient names and social security numbers are removed, they can’t be stolen and their exclusion from the document doesn’t necessarily lessen their value. 

If you don’t need it or use it, get rid of it.


Lesson #2
Encryption When PHI is in Motion

Just this last week, we received a hard drive with a large number of documents.  These documents were sent to us by our client because we provide redaction services.  The drive was not encrypted, and worse, thedrive was first sent to the wrong address.  Think about it… unprotected sensitive documents sent to the wrong address.  Mistakes happen but this human error would have been mitigated if the drive was encrypted. 

Take time to secure documents in transit.


There are too many possibilities with the breach of PHI. Our job is to eliminate these possibilities with automated redaction services. For more information on our product and services, schedule a brief call with us by completing the form below.

Request More Information

Name *

About the Author: David Rasmussen

With 30 years’ experience leading software companies, David is driven by the challenge to consistently find groundbreaking ways to solve customer problems and finds it rewarding to hit the customer’s target and create a great team, build a solid infrastructure, and emerge with a strong value proposition.