What Is Protected Health Information (PHI)?

Healthcare is a data-rich industry. These data are created across the entire healthcare ecosystem; they represent a wealth of information that can ultimately lead to better patient outcomes. The amount of data generated is unprecedented.

Research from IDC has shown health data growth to be exponential: By 2020, the industry will generate around 2,314 exabytes (EB) of data. Just to put that into perspective, 1 EB is equal to 1 billion gigabytes.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has created a specific definition of health data that requires protection under the auspices of the Privacy Rule. These data are referred to as Protected Health Information (PHI) and fall under the umbrella of “individually-identifiable health information,” “identifiable” being the operative word, which we will talk more about later. The Privacy Rule also specifies which organizations, or “covered entities,” are required to implement the requirements of the HIPAA Privacy Rule.

What Is Considered Protected Health Information Under HIPAA?

Any data that is created, collected or disclosed during interaction with healthcare services and that can be used to uniquely identify an individual is defined as Protected Health Information.

Read More: https://resources.infosecinstitute.com/topic/what-is-protected-health-information-phi/