What is PHI?
PHI stands for Protected Health Information.
Protected health information, or PHI, is any personal health information that was provided, used, or revealed in the process of delivering healthcare services, whether for diagnosis or treatment. In other words, PHI refers to personally identifiable data in medical records, such as treatment discussions between physicians, doctors, and nurses. PHI also includes billing information and any patient-identifiable information in the computer system of a health insurance provider. HIPAA (Health Insurance Portability and Accountability Act) uses the term "protected health information" to describe the type of patient information covered by the law. To be compliant with the legislation, eHealth applications that receive, store, or share PHI must adhere to HIPAA compliance guidelines.
- Any information about a person's past, present, or future health condition.
- Healthcare services rendered to an individual.
- Payment for healthcare services provided to an individual in the past, present, or future, as well as any of the identifiers listed below.
PHI is personally identifiable information found in medical records and in interactions between healthcare professionals such as doctors and nurses about patient care. PHI also includes billing details and any information in a health insurance company’s records that may be used to identify a person.
Prescriptions, medical or clinic visits, MRI or X-Ray reports, blood tests, billing details, or records of contact with the doctors or healthcare treatment staff are examples of PHI.
Electronically Protected Health Information, or ePHI, is PHI found in an electronic format, such as on a computer or in a digital file. This is PHI that is transferred, obtained, or saved in an electronic format.
These are the 18 Identifiers for PHI:
- Full names or last name and initial
- All geographical identifiers smaller than a state
- Dates (other than year) directly related to an individual, such as birthday or treatment dates
- Phone numbers, including area code
- Fax numbers
- Email addresses
- Social Security number
- Medical record numbers
- Health insurance beneficiary numbers
- Bank account numbers
- Certificates/driver's license numbers
- Vehicle identifiers (including VIN and license plate information)
- Device identifiers and serial numbers
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including fingerprints, retinal prints, genetic information, and voiceprints
- Full-face photographs and any comparable images that can identify an individual
- Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data