Defining Protected Health Information (PHI)

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), protected health information (PHI) is all individually identifiable health information in any form, electronic or non-electronic, that is held or transmitted by a covered entity (health plan, healthcare clearinghouse, or healthcare provider). This includes individually identifiable health information in paper records that has never been electronically stored or transmitted. PHI excludes the information found in education records covered by the Family Educational Rights and Privacy Act, health records of students who are 18 years of age and older, and HHS employment records.

The following are components of PHI:

1. Patient’s name
2. Streets, city, county, precinct (used in some practice management software, indicating a certain district for government reporting), ZIP code
3. Dates directly related to a patient, including birth date, admission date, discharge date, and date of death
4. Telephone numbers, fax numbers, and email addresses
5. Social Security numbers
6. Medical record numbers
7. Health plan beneficiary numbers
8. Account numbers
9. Certificate of license numbers
10. Vehicle identifiers and serial numbers, including license plate numbers
11. Device identifiers and serial numbers
12. Web Universal Resource Locators (URLs)
13. Internet protocol (IP) address numbers
14. Biometric identifiers, including finger and voice prints
15. Full face, photographic images and any comparable images
16. Any other unique identifying number, characteristic, or code
17. Patient’s medical history

As a healthcare professional, it’s your job to safeguard patients’ PHI. If you’r office doesn’t already have a HIPAA compliance plan, you need to get one!

• About
• Latest Posts

John Verhovshek

John Verhovshek, MA, CPC, is Managing Editor at AAPC. He has covered medical coding and billing, healthcare policy, and the business of medicine since 1999. He is an alumnus of York College of Pennsylvania and Clemson University, and a member of the Asheville-Hendersonville AAPC Local Chapter.

Latest posts by John Verhovshek (see all)

• 90 Day Global: The Meaning of a Major Surgery - April 25, 2018
• 01996: Daily Management of Continuous Drug Administration - April 25, 2018
• Reporting Anesthesia Time Units - April 25, 2018