Defining PHI Helps Secure Information

Defining PHI Helps Secure Information

Under the HIPAA Privacy Rule, protected health information (PHI) refers to health information that can identify an individual, or can be used with other available information to identify an individual. PHI requires two things:

  1. An identifier; and
  2. A piece of health information

The HIPAA privacy rule defines “individual identifiers” to include: names, addresses, Social Security numbers, telephone numbers, e-mail addresses, dates of birth, etc. Even a license plate number on a patient intake form, if it’s the only identifying information, can be considered PHI because it could be used to identify a person.

What is PHI?

PHI can come in many forms: Telephone calls and voice mails, X-rays, photos and videos, verbal interactions (e.g., overheard conversations), faxes, and digital information, such as in a patient’s electronic medical record. PHI in an electronic format is also protected by HIPAA’s security rule.
PHI is not limited to current information. It can relate to a patient’s past, present, or future physical or mental health or condition; health care provided to the individual, or; the past, present, or future payment for health care to the individual. For example, if a patient was hospitalized in a mental institution in his teens, but he is now 65, that information is still protected under HIPAA.

HIPAA Exclusions

HIPAA excludes educational records held by schools, which are covered by a different federal privacy law: The Family Educational Right and Privacy Act (FERPA). Also, employment records that contain identifiable health information that are held by a covered entity acting as an employer are not considered PHI.

Marcia Brauchler
Latest posts by Marcia Brauchler (see all)

About Has 5 Posts

how best to negotiate managed care contracts, increase reimbursements to the practice, and stay in compliance with healthcare laws. Brauchler’s firm sells updated HIPAA policies and procedures at She is a member of the South Denver, Colorado, local chapter.

Comments are closed.