Are you unknowingly posting patient PHI online?

by Deboshree Sarkar, Product Marketing Manager

are-you-unknowingly-posting-patient-phi-online-blog-image

If you’re in a medical profession in which you regularly post patient images, take note.

According to an article in Becker’s Health IT, new search engine capabilities allow Google, Bing, and others to extract large-scale information from previously stored files, including source images placed into PowerPoint presentations and Adobe PDFs.

This means that an image with patient information embedded within it in a way that might not be obvious can now be indexed by these search engines. When explicit patient information is associated with information in search engines’ databases, it can be linked to further searches on the patient’s personal information.

Lack of proper redaction makes unwanted headlines

You don’t want to be caught in the embarrassing – and potentially expensive – situation where you’re responsible for unwittingly exposing confidential information; and in some cases, the stakes can involve a country’s national security.

Cautionary tales that support the concern of the healthcare industry include:

  • The Australian federal police sending documents to parliament that contained sensitive information
  • The U.S. military command in Baghdad posting a PDF that revealed the names of soldiers manning area checkpoints, training procedures, and more
  • A PDF posted by the New York Times that revealed details of the CIA and Britain’s efforts to engineer the 1953 coup that overthrew Iran’s elected leadership
  • Exposure of “redacted” information in a sensitive personnel situation at an Amherst, MA school system that was exposed via a Windows file provided through a freedom of information request to an Apple user

In fact, failure to adequately redact a public court document from February 2017 shows that Facebook considered for a time selling access to its users’ data.

What redaction is, and isn’t

Properly redacting a digital file involves removing sensitive information from the document, image or file completely and permanently.

Cropping out PHI with image formatting tools provided by presentation software (PowerPoint, Google Slides, and others) isn’t true redaction because it won’t permanently remove that PHI which may still be found in other areas of the files, such as the metadata. Similarly, placing black bars or other graphic elements on the images to “cover” PHI doesn’t work either, nor is it compliant.

Fortunately, it’s relatively quick and simple to properly redact content in a PDF document.

How to perform true redaction with Foxit PhantomPDF

Using PDF editor PhantomPDF Business, redaction is a simple two-phase process that lets you first mark the text or graphics for redaction, and then apply the redaction.

Mark for Redaction

To mark the text or graphics for redaction:

  • Select PROTECT > Redaction > Mark for Redaction, and the hand tool changes into a Cross automatically.
  • (Optional)Double-click an image to mark an entire image.
  • (Optional)Hold the pointer over the text you want to redact and drag a rectangle around it.
  • The rectangle will be filled with black color.

Apply Redactions

  • Apply the redactions after marking the text or graphics you want to redact. To apply the redaction:
  • Select PROTECT > Redaction > Apply Redactions.

A dialog box pops up to give a warning message and asks if you’re sure to apply the redaction or not. Select Applyafter you’ve marked all content that you want to redact and that’s it. The content is gone forever. (Which is one reason it’s a two-phase process, as this step can’t be undone. That’s why saving a backup copy is recommended.)

Search and Remove Text

You can also search for text that you want to redact to ensure it’s removed throughout your PDF document:

  • Select PROTECT > Redaction > Search and Redact.
  • Type the text you wish to redact into the search dialogue box and select search.
  • Check the results you want to redact.
  • Click the button Mark Checked Results for Redaction at the bottom of the search dialogue box.
  • Choose PROTECT> Redaction > Apply Redactions.

These redaction features in PDF software can help ensure your organization isn’t the next one to hit the news for putting confidential information where it doesn’t belong.

How to learn more

For more information on the hazards of improper redaction, along with how to properly perform true redaction with PhantomPDF, refer to the ACR post linked above, Foxit Blog articles including How to Properly Redact PDF files, The right way to redact information in your PDF documents, and a substantial lists of other redaction-related blog posts.


Leave a Reply

Your email address will not be published. Required fields are marked *


*