As we prepare to launch or continue providing the DPP to our communities, the DPRP reminds all of us that managing our participants’ Private Health Information (PHI) is crucial! As outlined in the 2018 DPRP Standards, page 4:
“It is the organization’s responsibility to be versed in and to comply with any federal, state, and/or local laws governing individual-level identifiable data, including those laws related to the Health Insurance Portability and Accountability Act (HIPAA), data collection, data storage, data use, and disclosure”.
So how do we wrap our minds around this and make sure we are lining up with these requirements?
- Check your local, state (and federal) laws governing the management of PHI. Laws vary geographically, so specific guidance should come from those local and state resources first.
- If you are conducting your DPP in a healthcare setting, make sure you consult with their medical legal department so that you are following “in house” protocols.
- Common sense! How are you managing your PHI right now? Remember, any document that contains any PHI (registration forms, lab numbers, class data, etc.) should be held in a locked and secure location. If you are storing documents electronically, encryption is important. Check the State of Wellness Resources Page: “Sending HIPAA Compliant Emails 101”.
- Authorization/Notification and Release of Information documents: documents granting authorization/permission to collect, store, and share data (with the DPRP) are all part of the process!
- State of Wellness Resources Page: “PHI-Managing Privacy for NDPP and MDPP”. Here, you will find several links that can walk you through the “basics” and provide document templates.