Compliance Notes: Protect the PHI!

PHI is Protected Health Information. Under the HIPAA Privacy Rule, PHI is any combination of information that could lead to the identity of a patient. Leaving patient information unattended when it could be seen by others could violate a patient’s right to privacy. It is also a violation of the HIPAA Privacy Rule, and could result in serious fines and penalties.

Be sure to:

  • Lock or log out of computer screens when leaving your terminal
  • Secure documents with PHI when leaving your desk or at the end of the day
  • Keep an eye out for PHI that may be inappropriately visible to patients
  • Offer patients the ability to use a private area to discuss upcoming appointments, procedures, or diagnosis information
  • Avoid PHI discussions in public areas
  • Use a quiet tone if you must discuss PHI in areas of the medical practice where you could be overheard, like hallways

If you have PHI questions, contact the compliance office at 540-245-7455, or message Scott Jones at If you prefer to make an anonymous report, you can do so at the Compliance Hotline at 855-298-5598, or at