The Department of FISCal would like to remind end users that the FI$Cal system is not authorized under Federal and State regulations (i.e., Health Insurance Portability and Accountability Act (HIPAA), California Confidentiality of Medical Information Act (CMIA)) to contain protected health information (PHI). Therefore, to protect the security and privacy of an individual’s PHI and to limit any potential liability to the State of California, PHI is not permitted into the FI$Cal system, either directly, or as an attachment.
PHI is individually identifiable health information, including demographic information, which relates to:
- the individual’s past, present, or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual.
“Individually identifiable” means that the health information includes or contains any of the following element of personal identifying information sufficient to allow identification of the individual.
PHI Identifiers – Data Elements that Allow Patients to be Identified
- Account numbers
- Any unique identifying number or code
- Biometric identifiers (i.e. retinal scan, fingerprints)
- Certificate/license numbers
- Dates, except year
- Device identifiers and serial numbers
- Email addresses
- FAX numbers
- Full face photos and comparable images
- Geographic data
- Health plan beneficiary numbers
- Internet protocol addresses
- Medical record numbers
- Names
- Social Security numbers
- Telephone numbers
- Vehicle identifiers and serial numbers including license plates
- Web URLs
On April 18, 2018, the Department issued System Letter 18-01, which detailed the procedures to be used by departments when executing transactions that may contain PHI. In addition, the Department prepared a Supplemental Job Aid entitled “Conducting Reasonable Accommodations Transaction 1.0” which provides users instructions to avoid entering PHI into the FI$Cal system when performing transactions related to Reasonable Accommodations in the FI$Cal PeopleSoft modules of Procurement, Accounts Payable, Project Costing, and Asset Management.
If you have any questions please contact Eric Harrald. FI$Cal Chief Information Security Officer at eric.harrald@fiscal.ca.gov or at 916-576-5218.