Protected health information, or PHI, is any personally identifiable health information that was created, used, or disclosed in the course of providing healthcare services, whether for diagnosis or treatment.
PHI can include the following:
- The past, present, or future physical health or condition of an individual
- Healthcare services rendered to an individual
- Past, present, or future payment for the healthcare services rendered to an individual, along with any of the identifiers shown below.
PHI appears especially in health records and in conversations between healthcare professionals, such as doctors and nurses, about a patient's treatment.
PHI also includes billing details and any information in a health insurance company’s records that may be used to identify a person.
Electronically Protected Health Information, or ePHI, is PHI held in an electronic format, such as on a computer or in a digital file.
In other words, it is PHI that is transferred, obtained, or saved in electronic form.
The HIPAA Security Rule was the first to define ePHI, and organizations were advised to use administrative, technical, and physical protections to secure ePHI.
What Information is considered PHI?
PHI refers to any information that can be used to identify a person.
HIPAA has identified 18 unique identifiers for PHI. PHI is classified as any record that contains one of those 18 identifiers.
If these identifiers are deleted from a record, it is no longer considered Protected Health Information and is no longer subject to the HIPAA Privacy Rule’s restrictions. These are the 18 PHI Identifiers:
- Full names or last name and initial
- All geographical identifiers smaller than a state
- Dates (other than year) directly related to an individual, such as birthday or treatment dates
- Phone numbers, including area code
- Fax numbers
- Email addresses
- Social Security number
- Medical record numbers
- Health insurance beneficiary numbers
- Bank account numbers
- Certificate/driver's license numbers
- Vehicle identifiers (including VIN and license plate information)
- Device identifiers and serial numbers
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including fingerprints, retinal scans, genetic information, and voiceprints
- Full-face photographs and any comparable images that can identify an individual
- Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data