Email and Protected Health Information

Business Email Compromise (BEC) is a type of attack on company email systems where the hacker’s goal is to gain access to an email system and search for data that can be used to commit fraud.

In the healthcare industry, fraudsters are committing BEC to steal protected health information (PHI). Why? Because PHI has many use cases, unlike credit card and account data, which are only useful until the victim cancels the credit cards and accounts. PHI such as a “Face Sheet” typically contains a treasure trove of information that can be used to commit medical services theft, Medicare/Medicaid fraud, fraudulent insurance billing, and income tax fraud, to name a few.

Healthcare companies and their employees are required by HIPAA to protect PHI. You can do your part to protect PHI from BEC by taking the following actions:
• deleting emails containing PHI as soon as they are no longer necessary to retain,
• never sharing your password with anyone,
• changing your password regularly using strong passwords, and
• before clicking any link – STOP. LOOK. THINK.

A Hard Stop and Fast Go: RUGs-IV to PDPM Transition

September is here, which means October 1st is less than 30 days away. Transitioning the patients receiving care under Medicare Part A to the PDPM from September 30th to October 1st will require the planning and attention of the interdisciplinary team (IDT). Here are some IDT considerations for all Medicare A patients admitted prior to October 1st:

  • Payment for the month of September, regardless of admit date, must be transmitted using the RUGs IV classification system.
  • To receive payment for October 1st and beyond, a Transitional Interim Payment Assessment (IPA) must be completed and have an ARD set no later than October 7, 2019.
  • The facility has the normal transmission time frame of 14 days to submit the transitional IPA. Use this time and plan appropriately!
  • Remember! The patient’s care needs and plans do not change on October 1st. Only payment is changing. A therapy recertification or re-evaluation is not necessary, and the facility care plan is still active.
  • Therapy and nursing will need to complete interim Section GG scoring for the 10 Section GG items that produce the PDPM Function Score.
  • Discuss current caseload and any new admissions to identify all necessary comorbidities, clinical conditions and services, restorative nursing needs, primary reason for skilled admission, and surgical interventions during the most recent hospital stay.
  • Ensure timely communication of admissions for screening and/or completion of a holistic evaluation by therapy.
  • Plan for discharge destination and goals upon admission to allow for predictive length of stay and to identify patient specific education and resource needs.
  • Continue to coordinate care between therapy, nursing, and facility support staff to foster outstanding functional outcomes and safe transitions to the next level of care!

Your partners at Reliant Rehabilitation are here to help with the transition to the PDPM.  The Director of Rehabilitation at your facility has been provided extensive training and is equipped to facilitate therapy and collaborate with the facility through the October 1st transition.  Feel free to reach out to your Reliant partners with any questions or to help you problem solve.  Together, we can make this a smooth transition.

Return to Provider Codes and the Patient Driven Payment Model

ICD-10 Codes and PDPM Mapping

The Centers for Medicare and Medicaid Services (CMS) have identified, categorized, and mapped medical conditions through ICD-10 coding which predict payment for physical therapy, occupational therapy, speech therapy, nursing, and non-therapy ancillary needs.

Physical therapy, occupational therapy, and speech therapy will be categorized based on the primary diagnosis for the SNF stay as coded in item I0020B. This single primary diagnosis will then map to 1 of 10 PDPM clinical categories which directly impacts reimbursement.

Are “return to provider” codes allowed?

Certain codes entered in I0020B (primary reason for skilled stay) will map to “return to provider”. If a “return to provider” code is used in I0020B of the MDS, the claim will be returned for revision of the code entered in I0020B.

The “return to provider” codes include symptom codes that may be used by physical, occupational, and speech therapists as treatment diagnoses on their plans of care.

Examples include but are not limited to: M25.561 pain in right knee, M62.81 muscle weakness (generalized), R13.11 dysphagia – oral phase, R27.9 unspecified lack of coordination, R26.81 unsteadiness on feet, and R41.841 cognitive communication deficit.

Symptom codes do not represent the primary reason for the SNF stay; therefore, they are not appropriate for I0020B. However, they do support the highly specified and individualized treatment provided to the patient by therapy and must be coded by therapy as treatment diagnoses and reflected on the UB04 and other areas of the MDS. This coding ensures a full clinical picture of the patient’s clinical characteristics is provided and ensures the claim is supported in the event additional review is requested.

Ten Simple HIPAA Tips

  1. Ensure discussions of PHI (protected health information) take place where you cannot be easily overheard.
  2. ePHI should not be saved on unencrypted devices such as laptops, desktops, servers, USB drives, etc.
  3. When leaving your workstation unattended, log off or manually lock your workstation.
  4. Computer equipment should not be left unsecured such as in an unattended vehicle or hotel room.
  5. PHI should not be left on a copier or scanner unattended.
  6. Paper PHI should be disposed of properly by shredding.
  7. Keep passwords safe. Do not write down or share your password.
  8. Double check fax numbers and email addresses to ensure you have the correct information before faxing or emailing PHI.
  9. Patient photos or stories require a signed authorization prior to taking or using. Authorization forms can be obtained on the Reliant portal.  
  10. Report suspected HIPAA violations to your supervisor or the company privacy officer.  Reliant employees may contact their Privacy and Information Security Officer at privacy@reliant-rehab.com.

HIPAA Happenings: Holiday Phishing

Cyber criminals take advantage of the holidays to disguise their phishing campaigns and malware as seasonally accepted email. Requests for donations to fraudulent organizations, bogus holiday advertisements, and messages posing as package delivery services are common this time of year.
Click here to view a real example of a phishing email impersonating Federal Express.

What to Do If You Suspect You Are a Victim of Phishing:

  • Change your password immediately.
  • Contact your IT Department.
  • Reliant employees: contact support@reliant-rehab.com or call 225-767-7670.

CMS’ FY 2020 SNF PPS Final Rule Released

Yesterday, the Centers for Medicare and Medicaid Services (CMS) issued the FY 2020 Skilled Nursing Facility (SNF) Prospective Payment System (PPS) Final Rule, which will take effect on October 1, 2019. 

This final rule updates the payment rates used under the prospective payment system (PPS) for skilled nursing facilities (SNFs) for fiscal year (FY) 2020. CMS has also made minor revisions to the regulation text to reflect the revised assessment schedule under the Patient Driven Payment Model (PDPM). Additionally, CMS revised the definition of group therapy under the SNF PPS, and implemented a subregulatory process for updating the ICD-10 code lists used under PDPM. Finally, the final rule updated requirements for the SNF Quality Reporting Program (QRP) and the SNF Value-Based Purchasing (VBP) Program.

Below are a few highlights from the final rule: 

  • The federal rates in this final rule reflect an update to the rates that CMS published in the FY 2019 SNF PPS final rule, which reflects the SNF market basket update, as adjusted by the multifactor productivity (MFP) adjustment, for FY 2020.
  • The SNF market basket percentage is 2.4 percent for FY 2020, which is an increase in payments of $851 million compared to FY 2019. This estimated increase is attributable to a 2.8 percent market basket increase factor with a 0.4 percentage point reduction for the multifactor productivity adjustment. This is a decrease from the proposed update of 2.5 percent and $887 million.
  • Effective October 1, 2019, group therapy will be defined as “a qualified rehabilitation therapist or therapy assistant treating two to six patients at the same time who are performing the same or similar activities.”
  • CMS is not finalizing its proposal to expand data collection for SNF QRP quality measures to all SNF residents, regardless of their payer. 
  • CMS is finalizing as proposed, without modification, the process for updating the ICD-10 code mappings and lists associated with PDPM. As proposed, the subregulatory process for updating the ICD-10 codes used under PDPM will take effect beginning with the updates for FY 2020.   
  • The Final Rule updates requirements for the SNF QRP, including the adoption of two Transfer of Health Information quality measures and standardized patient assessment data elements that SNFs would be required to begin reporting with respect to admissions and discharges that occur on or after October 1, 2020. 
  • CMS is finalizing its proposal to exclude baseline nursing home residents from the Discharge to Community Measure.
  • CMS is finalizing its proposal to publicly display the quality measure, Drug Regimen Review Conducted with Follow-Up for Identified Issues, under the SNF Quality Reporting Program.
  • CMS is replacing the terminology for the “5-Day Assessment” with “Initial Medicare Assessment”.

Password Hygiene

Do you have good password hygiene?  Good password hygiene helps keep your work and personal information safe. 

You have healthy password hygiene if you:

  1. Create strong passwords that are at least 8 characters in length and contain upper case letters, lower case letters, and symbols. A password of more than 8 characters is even better because hackers will need more guesses to get it right. Even with frequent warnings regarding cyber security, the two most common passwords people use are “password” and “12345678”!
  2. Use a different password for every account or online profile. Should the system you are using be compromised, that password could be published for the world to see. The “Have I Been Pwned?” website holds almost 2.7 billion rows of account information that has been compromised in data breaches. This is a respected site that aggregates data breaches in order to make it easy for people to find out if they have been impacted by a breach. You can check it yourself by going to https://haveibeenpwned.com.
  3. Use two-factor authentication (2FA) whenever available.  This requires a second code be entered that will be provided through text, email or token in addition to your User ID and Password.
  4. Never write down your User ID or password and particularly never write it down and post it to your computer.

Maintain healthy security by maintaining healthy password hygiene.

Initiating Conversations Beyond the Facility

Ninety-five days, three months, or one quarter to go until the hard transition from RUG-IV to PDPM. However you prefer to frame it, there’s no denying the next few weeks will demonstrate a shift from theoretical planning of the facility processes to practical application. Within the current planning process Reliant has been privileged to be included in many of your conversations regarding facility education opportunities, interdepartmental communication strategies, and service delivery execution under PDPM.

The preparation and planning strategies have circulated around accurate MDS coding to ensure appropriate resource provision for the patient’s care needs while a resident in our facilities. We are actively educating all levels of nursing staff, therapy staff, administration, and admissions coordinators in expected conversation changes, but have we considered education needs beyond the facility? 

Under PDPM, facilities will be asking more detailed questions of the hospital discharge coordinators and specialists’ offices. We’ll be seeking clarification, coding specificity, and asking probing questions to ensure the patient’s assessment reflects all active comorbidities and conditions. As such, our community partners may begin to ask, “Where is this coming from?” Providing these partners with a big picture snapshot of PDPM and potential conversation changes will help to ease questions and prepare our partners for their own best practice referral strategy.

Teamwork and collaboration should start before a resident’s admission to the SNF and continue throughout the entire stay. If you haven’t already, now is the time to reach out to your partners to initiate conversations regarding any process changes required for this transition. By working together and proactively engaging our referral sources, we can identify education targets now, and avoid pitfalls in the future.

Common HIPAA Violations Employees May Not Realize

Have you ever or do you routinely email Protected Health Information (PHI) to your personal email account so you can catch up on work outside of the facility?  With the many demands of the job to get the work done, it can be tempting.  This commonly results in a HIPAA violation as the information is not properly protected and more easily breached!  Although your intentions may be good, this is not an appropriate practice. Your company may have a policy directly relating to PHI. Reliant employees should refer to Policy 8.3 – Use of E-Mail and Text Messaging for full policy information.

The same caution applies to taking paper patient information outside of the facility.   Removing protected health information from a healthcare facility places that information at risk of exposure.  Without appropriate measures in place to safeguard this information in transport and outside of the facility, it is in violation of HIPAA Rules.  Reliant employees should refer to Policy 3.14 – IT Equipment Protection & Physical Access Controls for full policy information.

PDPM Part 9: The Role of Therapy in the Nursing and Non-Therapy Ancillary (NTA) Components

In less than 6 months, the long-awaited transition to the Patient Driven Payment Model (PDPM) will occur. By now you’ve probably participated in multiple webinars and on-site meetings regarding the shift to this new payment model. One of the most consistent themes in these trainings is the use of the interdisciplinary team to ensure accuracy with coding on the MDS. While it may be obvious why the therapy team needs to contribute information for the physical therapy, occupational therapy, and speech language pathology components of PDPM, it may be less obvious why their input is crucial to the nursing and non-therapy ancillary components.

The nursing component within PDPM employs the familiar hierarchical classification method for case mix qualification. The most significant change from RUG IV is the removal of Section G and the ADL score from the classification and the introduction of the Section GG function score. The nursing, PT and OT function scores factor in seven of the same GG late loss items. Unlike RUG IV, there is no direct correlation between the function score and the case mix index (CMI). Therefore, a lower function score does not necessarily mean a higher CMI. However, subtle changes in reimbursement for nursing services provided are reflected in PDPM as seen in the use of restorative programming, extensive services, present condition, and physical function.

The non-therapy ancillary component consists of fifty conditions, each assigned a weighted value of 1-8. The weighted value is in direct proportion to pharmaceutical costs associated with that condition. These point values are summed to determine the comorbidity score for the patient. The higher the comorbidity score, the higher the CMI and reimbursement. Additionally, PDPM accounts for higher pharmaceutical costs early in the stay by front loading this CMI at 300% for the first 3 days of the stay. A thorough review of the medical record, full body assessments, and reconciliation of prescriptions to conditions must be completed to ensure all possible comorbidities are captured on the MDS.

The rehabilitation team plays a critical role in identification and accurate coding of clinical characteristics for the resident in relation to the nursing and NTA components. By establishing a foundation of understanding in relation to therapy’s role for each component, as well as fostering clinical skills to conduct holistic, full system evaluations, the therapy team will aid in ensuring comorbidities are accurately coded and help identify the appropriateness of restorative programming. The conversations occurring at the interdisciplinary table regarding each new resident will shift from the projected amount of therapy to review of clinical conditions and care to allow for appropriate resources for the projected needs of the resident.

PDPM is in many ways more of a prospective payment system than RUG-IV has ever been. Therefore, with the transition to PDPM, it is more important than ever for administration, nursing, MDS coordinators, and therapy to coordinate together for accurate coding on the MDS. If one piece of the interdisciplinary team is missing, important patient information may fall through the cracks.

While an interim payment assessment is always an option, capturing an accurate picture during the initial assessment ensures the full intention of the PDPM reimbursement methodology is captured for each component including the NTA’s variable per diem rate.

CMS Improvements to Recovery Audit Process

The size of the Medicare program is astronomical – the system processes over one billion claims a year. CMS uses several types of contractors to verify that Medicare Fee for Service (FFS) claims are paid based on Medicare requirements. One type of contractor is a Recovery Audit Contractor (RAC). The Medicare FFS RAC Program is one of many tools used to prevent and reduce improper payments. RACs identify and correct overpayments made on claims for health care services provided to beneficiaries, identify underpayments to providers, and provide information that allows CMS to prevent future improper payments.

However, in the past there were numerous complaints about the RAC program. Providers found the audits time-consuming, necessitating high administrative expenses, and often requiring lengthy appeals. CMS listened to what providers were telling them and made meaningful changes. That input informed their thinking as they re-examined all aspects of the RAC process. They identified areas where they could reduce provider burden and appeals, and increase program transparency, while enhancing program oversight and effectiveness.

On May 3rd, CMS Administrator Seema Verma outlined the key improvements and enhancements that were made to the program, including:

  • Better Oversight of RACs:
    • Accountable for maintaining a 95% accuracy score.
    • Maintain an overturn rate of less than 10%.
    • Contingency fee will be delayed until after the second level of appeal is exhausted.
  • Reducing Provider Burden and Appeals:
    • Must audit proportionally to the types of claims a provider submits.
    • Conduct fewer audits for providers with low claims denial rates.
    • Allow more time to submit additional documentation before needing to repay a claim.
  • Increasing Program Transparency:
    • Regularly seeking public comment on proposed RAC areas for review.
    • Required enhancements to provider portals for claim status understanding.

While the audits can become cumbersome and overwhelming at times, ensuring that the care being provided is the most appropriate for each individual patient will only continue to assist in getting the health system where it needs to be. The improvements outlined above have helped and will continue to help make patient care, not paperwork compliance, the main focus of providers.

CMS’ blog regarding recovery audit improvements:

https://www.cms.gov/blog/recovery-audits-improvements-protect-taxpayer-dollars-and-put-patients-over-paperwork

More information on the Medicare FFS Recovery Audit Program can be found at: https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/

Indictment of Anthem Breach Hackers

Do you remember hearing about the Anthem breach in 2015? Hackers infiltrated Anthem’s network and breached the personal health information of 78.8 million patients. This was one of the worst data breaches in US history if not the worst. There is some good news being reported. The Department of Justice has indicted two China-based hackers for the Anthem hack and breach.

How did the hackers do it?

The hackers allegedly used methods including spear-phishing emails with embedded links sent to employees. After an employee clicked on the link, malware was installed to infect and compromise the system. Once inside the system, the hackers installed what is called a “backdoor”, which in this case went undetected by the infected organization. This “backdoor” allows the hackers to come and go as they please. Although the hack was discovered in 2015, it began in 2014 with the hackers coming through the back door and conducting reconnaissance to identify information of interest.

What is the Lesson Learned?

Be on the lookout for “phishy” emails. Here are a few tips to assist in identifying Phishing emails.

  1. Does the email invoke a sense of urgency, fear, or curiosity?
  2. Does it ask you to click a link, open an attachment or provide your user ID/password or other sensitive information?
  3. Do you know the person that sent the message and were you expecting it? Hackers can “spoof” messages, meaning they make it look like it is coming from a known sender when it is not. If you know the sender but were not expecting it, contact the sender by a means other than email to confirm.

What to do when you suspect a phishing email?

For Reliant employees who use Reliant’s email, a “Phish Alert Button” was recently implemented within the email system. This button is easily accessible within the user’s email and allows the suspicious email to be reported at the click of a button. After clicking this button, it alerts the Reliant support team and allows security measures to be quickly added to prevent others from clicking on similar malicious e-mails.

Customers who don’t have a similar “Phish Alert Button” in place should report suspicious emails to their support team through established reporting processes.

March 2019 Healthcare Data Breaches

The Health and Human Services Office of Civil Rights (OCR) is responsible for enforcing civil rights laws. Covered Entities such as Skilled Nursing Facilities and Business Associates must comply with HIPAA regulations, which include reporting breaches of Protected Health Information (PHI). Breaches affecting 500 or more individuals are posted by OCR on a public website. Breaches affecting fewer than 500 individuals are also required to be reported but are not posted for public viewing.

To give you an idea of the information available on the public site, using March 2019 data: there were 32 reported breaches affecting 500 or more individuals, involving 951,252 individuals. Of these 32 breaches, there were 22 Healthcare Providers, 4 Health Plans, and 6 Business Associates involved.

The types of breaches consisted of

  • 20 – Hacking/IT Incidents
  • 8 – Unauthorized Access/Disclosure
  • 4 – Thefts

Breaches involving email and network servers accounted for 893,502 of the impacted individuals (see chart below). This is why security awareness training, good password management practices, and virus protection are so important.

For a list of the names of companies impacted and other information, visit the OCR portal at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

FY2020 Skilled Nursing Facility (SNF) PPS Proposed Rule

On Friday, April 19, 2019, CMS released the FY2020 skilled nursing facility (SNF) proposed rule for public inspection and comment.

There is estimated to be a 2.5% market basket increase for FY2020 aggregate payments as calculated through a 3.0% market basket increase and a 0.5% multifactor productivity adjustment resulting in an $887 million annual increase.

The proposed rule includes three proposed changes related to the Patient Driven Payment Model (PDPM). First, CMS proposes changing the definition of group therapy in a SNF setting to match the definition in the IRF setting. Specifically, CMS proposes defining group therapy in the SNF Part A setting as “a qualified rehabilitation therapist or therapy assistant treating two to six patients at the same time who are performing the same or similar activities.”

Second, CMS proposes using a subregulatory process to provide non-substantive updates to ICD-10 codes used in PDPM through the PDPM website, while substantive changes will still be made through the traditional notice and rulemaking process. Non-substantive updates are those made to maintain consistency with the most recent ICD-10 code set. CMS is proposing that this take effect with the start of PDPM on October 1, 2019.

The third and final proposed change is to update the regulation text to reflect changes in the assessment schedule under PDPM which were already finalized in the FY2019 final rule. These changes are to reflect the policy taking effect under PDPM on October 1, 2019. For the initial patient assessment, the proposed regulation changes would state that “the assessment schedule must include performance of an initial patient assessment no later than the 8th day of post-hospital SNF care.” Additional proposed changes to regulation text would reflect the optional interim payment assessment.

SNF Quality Reporting Program

This rule proposes to update the SNF QRP effective October 1, 2020 to include:

  • Expansion of data collection for the SNF QRP quality measures to all skilled nursing facility residents, regardless of their payer.
  • The addition of two Transfer of Health Information quality measures.
  • Exclusion of baseline nursing home residents from the Discharge to Community Measure.
  • Public display of the quality measure, Drug Regimen Review Conducted with Follow-Up for Identified Issues.

Request for information (RFI) on the importance, relevance, appropriateness, and applicability measures of standardized patient assessment data elements (SPADEs) for future years in the SNF QRP.

SNF Value Based Purchasing Program

The SNF VBP Program is proposing to change the name of the program’s measure to the “Skilled Nursing Facility Potentially Preventable Readmissions after Hospital Discharge” measure. The measure will retain its previous abbreviation (SNFPPR).

The proposed rule also includes an update to the public reporting requirements to ensure that CMS publishes accurate performance information for low-volume SNFs.

CMS encourages comments from stakeholders. The comment period is open until June 18, 2019.

Download the proposed rule from the Federal Register. Download the CMS fact sheet.

To learn more about Reliant’s preparedness for PDPM, visit our website today.

PDPM Part 7: Changes in the Interdisciplinary Team Conversation

From an active diagnosis of endocarditis to an aphasia comorbidity, it is evident more than ever that physical therapists, occupational therapists, and speech language pathologists need to thoroughly review full body systems during evaluation for identification of the patient’s underlying conditions and comorbidities.

Under PDPM these holistic assessments extend beyond the impaired system and will allow the clinicians to bring relevant, meaningful clinical information to the interdisciplinary table. This information will contribute directly to the identification of SLP related comorbidities and the non-therapy ancillary comorbidity score to ensure the patient’s clinical classification is accurate and representative of the potential resource use needs during their stay.

A breakdown in this interdisciplinary collaboration may lead to missed opportunities for proper reimbursement. However, with extensive therapy evaluations and interdisciplinary collaboration, these opportunities won’t slip through the cracks.

Begin exploring how team conversations will change under PDPM and identify areas to improve interdisciplinary communication. Be on the lookout for Reliant resources relevant to interdisciplinary team success.

Changes to Nursing Home Compare in April 2019

The Centers for Medicare & Medicaid Services (CMS) has announced updates coming next month to Nursing Home Compare and the Five-Star Quality Rating System including:

  • Lifting the “freeze” on the health inspection star ratings
  • Automatically giving one-star staffing ratings to nursing facilities that have four or more days per quarter with no registered nurse (RN) on site, down from the current threshold of seven or more.
  • Establishing separate quality ratings for short-stay and long-stay residents and revising the rating thresholds to better identify the differences in quality among nursing homes making it easier for consumers to find the right information needed to make decisions.

Read on for more information or visit the CMS Nursing Home Compare site.

Guidance Issued Regarding Immediate Jeopardy Situations

Earlier this month, Seema Verma, Administrator for CMS, posted a blog entitled “Protecting the Health and Safety of All Americans”. In this blog, Seema states guidance is needed to address violations of health and safety regulations that cause serious harm or death to a patient and require immediate action to prevent further serious harm (immediate jeopardy).

In turn, CMS has issued guidance which clarifies what information is needed to identify immediate jeopardy cases across all healthcare provider types, which they believe will result in quickly identifying and ultimately preventing these situations. This new guidance can be found in Appendix Q of the State Operations Manual that federal and state inspectors use.

  • Access to CMS training
  • Revised Guidance Tools
  • Read the full memorandum

SNF Provider Threshold Report (PTR) Now Available

The new Skilled Nursing Facility (SNF) Provider Threshold Report (PTR) is now available. This PTR is a user-requested, on demand report which enables users to obtain the status of their data submission completeness related to the compliance threshold required for the SNF Quality Reporting Program (QRP). For more information, click here.

SNF QRP Provider In-Person Training

The Centers for Medicare & Medicaid Services (CMS) will be hosting a 2-day Skilled Nursing Facility (SNF) Quality Reporting Program (QRP) in-person ‘Train the Trainer’ event for providers on May 7 and 8, 2019. This event will be open to all SNF providers, associations, and organizations. Access more information here.

Guide to Personally Identifiable Information (PII)

Whether at work, at home, or on the go, data that is often the top target of cybercriminals is all around us. Protecting that data isn’t a highly technical process, but rather one that requires common sense and a strong commitment to privacy in every aspect of our lives!


What is PII?
PII, or personally identifiable information, is sensitive data that
could be used to identify, contact, or locate an individual.


What are some examples of PII?
PII includes (but is not limited to) home addresses, personal email addresses,
national ID numbers, credit card numbers, and personal phone numbers.


What are some examples of non-PII?
Info such as business phone numbers and email addresses, race, religion,
gender, workplace, and job titles are typically not considered PII. But they
should still be treated as sensitive, linkable info because they could identify
an individual when combined with other data.


Why is PII so important?
On a personal level, our PII is necessary to acquire some goods and services, such
as medical care and utilities. But in the wrong hands, PII leads to identity theft
and other forms of fraud. On a professional level, you may store PII of customers,
clients, vendors, contractors, employees, and partners. If left unprotected, your
organization could face steep fines and your reputation could be severely damaged.


How do you protect PII at work?
Protecting PII begins and ends with following your organization’s security
policies, which were created to ensure that the data remains
private. Treat all requests for sensitive info with a high degree of scrutiny, stay
alert, think before you click, and if you have any questions, ask them!


How do you protect PII at home?
Develop a home security policy similar to those at work, which calls for common
sense practices, such as not clicking on random links and attachments, guarding
personal info online and in real life, destroying sensitive documents beyond
recognition and setting social media profiles to fully private.