What is PHI?

PHI stands for Protected Health Information.

Protected health information, or PHI, is any personal health information that was provided, used, or revealed in the process of delivering healthcare services, whether for diagnosis or treatment. In other words, PHI refers to personally identifiable data in medical records, such as treatment discussions between physicians, doctors, and nurses. PHI also includes billing information and any patient-identifiable information in the computer system of a health insurance provider. HIPAA (Health Insurance Portability and Accountability Act) uses the term "protected health information" to describe the type of patient information covered by the law. To comply with the legislation, eHealth applications that receive, store, or share PHI must adhere to HIPAA compliance guidelines.


PHI includes:

  • Any health information about a person's past or present health or future health condition.
  • Healthcare services rendered to an individual.
  • Payment for healthcare services provided to an individual in the past, present, or future, as well as any of the identifiers listed below.

PHI is personally identifiable information found in medical records and in interactions between healthcare professionals, such as doctors and nurses, about patient care. PHI also includes billing details and any information in a health insurance company’s records that may be used to identify a person.

Prescriptions, medical or clinic visits, MRI or X-Ray reports, blood tests, billing details, or records of contact with the doctors or healthcare treatment staff are examples of PHI.

Electronically Protected Health Information, or ePHI, is PHI found in an electronic format, such as on a computer or in a digital file. It is personal health information (PHI) that is transferred, obtained, or saved in an electronic format.

These are the 18 Identifiers for PHI:

  1. Full names or last name and initial
  2. All geographical identifiers smaller than a state
  3. Dates (other than year) directly related to an individual, such as birthday or treatment dates
  4. Phone numbers, including area code
  5. Fax numbers
  6. Email addresses
  7. Social Security number
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Bank account numbers
  11. Certificate/driver's license numbers
  12. Vehicle identifiers (including VIN and license plate information)
  13. Device identifiers and serial numbers
  14. Web Uniform Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including fingerprints, retinal scans, genetic information, and voiceprints
  17. Full-face photographs and any comparable images that can identify an individual
  18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data