Reminder to not share PII, PHI, and sensitive information

95 views
Skip to first unread message

Beneficiary Claims Data API (BCDA) Community

unread,
Nov 3, 2022, 6:37:32 PM11/3/22
to Beneficiary Claims Data API (BCDA) Community

Hello BCDA Community,

Please be careful to not share Personally Identifiable Information (PII) as defined in the Privacy Act of 1974 or Protected Health Information (PHI) when posting to this Google Group or in unencrypted emails sent to CMS.

This is a friendly reminder that although the Google Group is a place to share general information and support each other, it is still a public forum where PII, PHI, and sensitive information cannot be shared.

Examples of PII, PHI, and other sensitive information include:

  • Medicare Beneficiary Identifier (MBI)
  • Taxpayer Identification Number (TIN)
  • National Provider Identifier (NPI)
  • Social Security Number (SSN)
  • API keys or access credentials (e.g., Client ID, Client Secret)

This sensitive information can be commonly found in API requests or response payloads referenced in:

  • The text of your Google Group post or emails
  • Files attached to your Google Group post or emails (e.g. XMLs, JSONs)
  • Screenshots attached to your Google Group post or emails

If you are sharing API requests or response payloads, please redact PII, PHI, and other sensitive information in the following ways:

  • For emails and editable documents, replace the sensitive information with the word "REDACTED."
    • Please see an example of this at the end of the post.
  • For screenshots and non-editable documents (e.g., PDFs), use a basic photo editor to cover the sensitive information.
    • This can be done by adding a shape over the information. Make sure the shape is set to "100% opaque" or "0% transparency", and save the final image in a format that does not support layers (e.g., PDF).

We are continually improving our resources and tools to reduce the risk of exposing sensitive information in the BCDA Google Group. We welcome feedback from Google Group members on how we can do that more effectively.

Thank you in advance for your attention to this matter and your continued work with our API!

The BCDA Team

--------

EXAMPLE OF A REDACTED RESPONSE

{
"entityType": "individual",

"taxpayerIdentificationNumber": "REDACTED",

"nationalProviderIdentifier": "REDACTED",

"performanceYear": 2017,

"measurementSets": [

  {

    "measurements": [



Reply all
Reply to author
Forward
0 new messages