Home » Knowledge Center » CMS » Defining Protected Health Information (PHI)
Knowledge Center
Hot Topics

Defining Protected Health Information (PHI)

Print Post
Defining Protected Health Information (PHI)

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), protected health information (PHI) is all individually identifiable health information in any form, electronic or non-electronic, that is held or transmitted by a covered entity (health plan, healthcare clearinghouse, or healthcare provider). This includes individually identifiable health information in paper records that has never been electronically stored or transmitted. PHI excludes the information found in education records covered by the Family Educational Rights and Privacy Act, health records of students who are 18 years of age and older, and HHS employment records.

The following are components of PHI:

  1. Patient’s name
  2. Streets, city, county, precinct (used in some practice management software, indicating a certain district for government reporting), ZIP code
  3. Dates directly related to a patient, including birth date, admission date, discharge date, and date of death
  4. Telephone numbers, fax numbers, and email addresses
  5. Social Security numbers
  6. Medical record numbers
  7. Health plan beneficiary numbers
  8. Account numbers
  9. Certificate of license numbers
  10. Vehicle identifiers and serial numbers, including license plate numbers
  11. Device identifiers and serial numbers
  12. Web Universal Resource Locators (URLs)
  13. Internet protocol (IP) address numbers
  14. Biometric identifiers, including finger and voice prints
  15. Full face, photographic images and any comparable images
  16. Any other unique identifying number, characteristic, or code
  17. Patient’s medical history

As a healthcare professional, it’s your job to safeguard patients’ PHI. If you’r office doesn’t already have a HIPAA compliance plan, you need to get one!

John Verhovshek

John Verhovshek

John Verhovshek, MA, CPC, is Managing Editor at AAPC. He has covered medical coding and billing, healthcare policy, and the business of medicine since 1999. He is an alumnus of York College of Pennsylvania and Clemson University, and a member of the Asheville-Hendersonville AAPC Local Chapter.
John Verhovshek

Latest posts by John Verhovshek (see all)

Related posts:

  1. New Authority Enforces HIPAA Security
  2. Proposed Rule Gives Patients Right to Know Who Viewed Records
  3. PHI Breach Rules Input Sought
  4. HIPAA Privacy Regs to Be Reset
Tagged :

About Has 595 Posts

John Verhovshek, MA, CPC, is Managing Editor at AAPC. He has covered medical coding and billing, healthcare policy, and the business of medicine since 1999. He is an alumnus of York College of Pennsylvania and Clemson University, and a member of the Asheville-Hendersonville AAPC Local Chapter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Hot Topics

  • ads

  • Webinars

  • Latest Poll

    Would it help you to have the American Dental Association’s D codes included in the HCPCS Level II code book?