Reviewing Protected Health Information (PHI)

The secure and appropriate handling of Protected Health Information (PHI) remains essential in value-based care. Coordinated care relies on timely access to accurate patient information, but it must always be balanced with our responsibility to protect patient privacy and comply with regulatory requirements.

What Is PHI?

PHI includes any information that can identify a patient and relates to their health status, care, or payment. This applies across all formats – electronic, paper, and verbal.

PHI In Value-Based Care: What To Keep In Mind

Use PHI to support care coordination: Access and share information only as necessary to support treatment, care management, and approved operational activities.

Share securely across teams and partners: When collaborating with providers, coders, and care teams, use only approved systems and follow established data sharing protocols.

Minimum necessary standard: Even in a collaborative environment, only access or disclose the minimum information needed to perform your role.

Verify authorization: Ensure appropriate agreements (e.g., BAAs) and permissions are in place before sharing PHI with external partners.

Protect data in all settings: Whether working onsite or remotely, safeguard PHI by securing devices, avoiding public discussions, and properly storing or disposing of sensitive information.

Accuracy matters: Complete and accurate documentation supports quality outcomes, risk adjustment, and compliance. Handle all patient data with care and attention.

When in Doubt – Ask

If you are unsure about how to use or share PHI within our organization, please reach out to your immediate supervisor or our Compliance epartment before proceeding.

Protecting PHI enables us to deliver high quality, coordinated care while maintaining the trust of our patients and partners.

Thank you for your continued commitment to compliance and excellence in care.