PHI/PII Policy

107 views
Skip to first unread message

Data at the Point of Care (DPC) Community

unread,
Mar 3, 2021, 11:21:52 AM3/3/21
to Data at the Point of Care (DPC) Community
Hello DPC Community,

Please be careful not to share either Personally Identifiable Information (PII) as defined in the Privacy Act of 1974 or Protected Health Information (PHI) when posting to this Google Group or in emails sent to CMS.

In certain circumstances, CMS may ask you to provide a data file to assist us in troubleshooting a problem that you bring to our attention. It is your responsibility to remove all PII and PHI from any file that you share with us on this website or via email.


Examples of PII, PHI and other sensitive information include:
  • TIN (Taxpayer Identification Number)
  • NPI
  • API keys
  • Social security numbers
Common places where you might include this information include:
  • API request or response payloads, in the text of your post
  • API request or response payloads, in files attached to your post (e.g. .xml, .json)
  • API request or response payloads, in screenshots attached to your post


If you are sharing API request or response payloads, please redact PII and other sensitive information by replacing the information with the words 'REDACTED'. For example:

{
"entityType": "individual",

"taxpayerIdentificationNumber": "REDACTED",

"nationalProviderIdentifier": "REDACTED",

"performanceYear": 2017,

"measurementSets": [

  {

    "measurements": [

      ....


When in doubt, leave it out.

Best,
The DPC Team
Reply all
Reply to author
Forward
0 new messages