Defining Protected Health Information (PHI)
- By John Verhovshek
- In CMS
- February 12, 2018
- Comments Off on Defining Protected Health Information (PHI)

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), protected health information (PHI) is all individually identifiable health information in any form, electronic or non-electronic, that is held or transmitted by a covered entity (health plan, healthcare clearinghouse, or healthcare provider). This includes individually identifiable health information in paper records that has never been electronically stored or transmitted. PHI excludes the information found in education records covered by the Family Educational Rights and Privacy Act, health records of students who are 18 years of age and older, and HHS employment records.
The following are components of PHI:
- Patient’s name
- Streets, city, county, precinct (used in some practice management software, indicating a certain district for government reporting), ZIP code
- Dates directly related to a patient, including birth date, admission date, discharge date, and date of death
- Telephone numbers, fax numbers, and email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate of license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet protocol (IP) address numbers
- Biometric identifiers, including finger and voice prints
- Full face, photographic images and any comparable images
- Any other unique identifying number, characteristic, or code
- Patient’s medical history
As a healthcare professional, it’s your job to safeguard patients’ PHI. If you’r office doesn’t already have a HIPAA compliance plan, you need to get one!
- Excision of Benign or Malignant Skin Lesion - April 21, 2019
- 49905: Open or Closed? - April 21, 2019
- Pain Management and the Global Period - April 21, 2019