Practice Management Alert

Reader Question:

Get Hip to Differing Types of PHI

Published on Thu Oct 06, 2016

Question: I’m pretty sure I know what types of information constitute protected health information (PHI). I have never looked up an “official” definition of PHI types, however. Could you provide a list of the different types of information the Health Insurance Portability and Accountability Act (HIPAA) might consider PHI?

Pennsylvania Subscriber

Answer: If you want to go straight to the source, HIPAA has a page devoted to explaining its PHI parameters: https://www.hipaa.com/hipaa-protected-health-information-what-does-phi-include/.

Caveat: It’s a little technical, and it doesn’t lay out a list of all the types of PHI that exist. For an easier, if slightly less technical, list of potential PHI hotspots, we checked out truevault.com, a website dedicated to PHI security and HIPAA compliance.

According to truevault, health data is considered PHI if it is personally identifiable to the patient AND that information is disclosed to a covered entity (CE) during the patient’s treatment.

Truevault reports examples of PHI include, but are not limited to:

Patient billing information,
An email from a patient about medication or a prescription they need refilled,
Results from an MRI scan, blood test, etc., and
Patient x-rays.

The Indiana University Knowledge Base goes a step further, laying out a list of “individually identifiable” PHI factors. These identifiers include, but are not limited to, a patient’s:

Name and address,
Elements (except years) of dates related to his care (including birth date, admission date, discharge date, date of death, and exact age),
Telephone and fax numbers,
Email addresses,
Social Security number,
Medical record number,
Health plan beneficiary number,
Account number,
Driver license number,
Vehicle identifiers and serial numbers, including license plate numbers,
Device identifiers or serial numbers,
Biometric identifiers, including finger or voice prints,
Full-face photographic images and any comparable images, and
Unique identifying number, characteristic, or code.

Takeaway: There are endless sources of PHI, so you need to be on the lookout for this info anywhere it might lurk in your dealings with CEs. It’s better to consider an unprotected item PHI if you’re unsure. That way, you know that the info will stay safe.

Practice Management Alert

Office Management:
Use These Tips to Balance Waiting Area Amenities, Patient Comfort
Expert: Free-flowing traffic patterns a must for waiting areas. Every medical practice wants patients to [...]

Office Management:
Set the Proper Tone in Waiting Area With Soft Colors
Chair material can also impact patient’s practice experience. When you have the right atmosphere and [...]

E/M Coding:
Note These Rules to Make Proper Observation Code Choice
Experts: Check with third-party payers on longer one-day stays. Coding for your physician’s observations isn’t [...]

E/M Coding:
Make Documentation Priority 1 for These Observations
Expert: When observation stay goes beyond the pale, payer will have questions. Most observation services [...]

You Be the Expert:
Coding for Hernia Repairs
Question: Encounter notes indicate that an adult patient presents to the surgeon for repair of left [...]

Reader Question:
Check Out the New Dx Code for Zika
Question: Is there an ICD-10 code for the Zika virus in the 2017 update? Maryland Subscriber [...]

Reader Question:
Get Hip to Differing Types of PHI
Question: I’m pretty sure I know what types of information constitute protected health information (PHI). I [...]

Reader Question:
Prevent Federal Headaches By Obeying Stark Law
Question: I overheard one of our nurse practitioners (NPs) say that someone at the practice might [...]

View All