• Multi-Factor: Beginning 8/1/17, before accessing HR Direct, you will need to enroll in DUO, our Multi-factor Authentication

    Multi-Factor Authentication coming to HR Direct!

    Beginning Tuesday, August 1, 2017, before accessing HR Direct, you will need to enroll a phone number in DUO, our Multi-factor Authentication (MFA) provider. This is a University-wide initiative to ensure that your personal information is protected. MFA requires you to provide something you know (your username and password), and something you have (such as a cell phone and/or landline).  When logging into HR Direct for the first time on or after August 1, 2017, you will be prompted to enroll with DUO. Once complete, you will then follow a simple two-step authentication process when accessing HR Direct. The link below will provide you all the information you need to register for MFA with DUO and prepare you for this important change.

    http://umassmed.edu/it/security/multi-factor-authentication

     

  • Multi-Factor: Beginning 8/1/17, before accessing HR Direct, you will need to enroll in DUO, our Multi-factor Authentication

    Multi-Factor Authentication coming to HR Direct!

    Beginning Tuesday, August 1, 2017, before accessing HR Direct, you will need to enroll a phone number in DUO, our Multi-factor Authentication (MFA) provider. This is a University-wide initiative to ensure that your personal information is protected. MFA requires you to provide something you know (your username and password), and something you have (such as a cell phone and/or landline).  When logging into HR Direct for the first time on or after August 1, 2017, you will be prompted to enroll with DUO. Once complete, you will then follow a simple two-step authentication process when accessing HR Direct. The link below will provide you all the information you need to register for MFA with DUO and prepare you for this important change.

    http://umassmed.edu/it/security/multi-factor-authentication

     

What is PHI?

What is PHI?

What is "protected health information" (PHI) and "electronic protected health information" (ePHI) under HIPAA?

Protected health information (PHI) – Information created, transmitted, received or maintained by UMMS, including demographic information, related to the:
• Past, present, or future physical or mental health or condition of an individual;
• Provision of health care to an individual; or
• Past, present, or future payment for the provision of health care to an individual;
together with any of the identifiers in the list below.
Note: Information for deceased individuals continues to be PHI until the individual has been deceased for more than 50 years.

Electronic protected health information (ePHI) - PHI that is transmitted by electronic media; maintained in electronic media; transmitted or maintained in any other electronic form or medium. 

Under the HIPAA Privacy Rule, protected health information (PHI) refers to individually identifiable health information. Individually identifiable health information is that which can be linked to a particular person. Specifically, this information can relate to:

  • The individual's past, present or future physical or mental health or condition,
  • The provision of health care to the individual, or,
  • The past, present, or future payment for the provision of health care to the individual.

Common identifiers of health information include names, social security numbers, addresses, and birth dates.

Names (of patients, relatives, or employers)

Social security numbers

Device identifiers and serial numbers

All geographic subdivisions smaller than a State

Medical record numbers

Web Universal Resource Locators (URLs)

All elements of dates (except year) including birth date, admission date, discharge date, date of death; and all ages over 89

Health plan beneficiary numbers

Internet Protocol (IP) address numbers

Telephone numbers

Account numbers

Biometric identifiers, including finger and voice prints

Fax numbers

Certificate/license numbers

Full face photographic images and any comparable images

Electronic mail addresses

Vehicle identifiers and serial numbers, including license plate numbers

Any other unique identifying number, characteristic, or code

PHI does not include information maintained about an individual by UMMS for employment purposes, such as employee health records.

The HIPAA Security Rule applies to individual identifiable health information in electronic form or electronic protected health information (ePHI).  It is intended to protect the confidentiality, integrity, and availability of ePHI when it is stored, maintained, or transmitted.

▴ Back To Top