HIPAA Protected Health Information Definition
PHI stands for Protected Health Information, which refers to any information regarding an individual’s health status.
This may include information about the provision of health care, the maintenance of a medical record, and payment for a patient’s treatment.
All individually identifiable health information, such as demographic details, medical records, test results, insurance information, and other information used to identify a patient or provide healthcare services or coverage, is called protected health information.
The word ‘protected’ signifies that the HIPAA Privacy Law covers the information.
What is ePHI?
Electronically protected health information (ePHI) refers to PHI that has been transferred, obtained, or saved in an electronic format.
Patient names, fingerprints, addresses, social security numbers, email addresses, and photographic images are examples of ePHI.
What Information is considered PHI?
If a piece of health information is to be considered PHI and controlled by the Health Insurance Portability and Accountability Act (HIPAA), it must meet two criteria:
- It has to be personally identifiable or recognizable to the patient.
- It has to be utilized or disclosed to a covered entity only during health care.
The 18 PHI Identifiers
- Geographic locators
- Fax numbers
- Phone numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate or license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger and voiceprints
- Any other unique identifying number, characteristic, or code
- Full face photographic images and any comparable images
What is not considered PHI?
Please keep in mind that not all personally identifiable information comes under the definition of PHI. For example, a covered entity’s employment records that are not related to medical records are not PHI.
Also, health data that is not shared with a covered entity or is not personally identifiable doesn’t count as PHI.