What does PHI stand for? What information is considered PHI?

PHI stands for protected health information, a term used in the Health Insurance Portability and Accountability Act (HIPAA). Organizations that provide health care services, such as health plans, healthcare clearinghouses and others, are HIPAA-covered entities, and these have full access to patients' or individuals' data.

These organizations must comply with HIPAA and should secure and protect this data under the HIPAA Privacy Rule.

What is PHI?

Protected health information (PHI) is individually identifiable health information that is stored by healthcare organizations and their business associates. The information that comes under PHI is very personal, ranging from a person's health records to their personal details, and even billing transactions done with the organizations.

This information is highly personal and can be used to identify an individual. Even information such as conversations between doctors and nurses about treatment is kept as medical records under PHI.

PHI is the term used by HIPAA (Health Insurance Portability and Accountability Act) to define the type of individual information that falls under the law.

Any healthcare organization and its business associates that store, share or gather protected health information must follow HIPAA compliance codes in order to comply with the law.

For health data to come under PHI and be regulated by HIPAA, it must have two properties:

  1. Personally identifiable to the patient or individual.
  2. Used or disclosed to a covered entity at the time of care. 

There are about 18 unique identifiers regarded as protected health information (PHI). 

  • Names
  • Geographic information: all geographical subdivisions smaller than a state, including street address, city, county, precinct and zip code, except for the initial three digits of a zip code.
  • All elements of dates
  • Email addresses
  • Phone numbers
  • FAX numbers
  • Account numbers
  • Social Security numbers
  • Health plan beneficiary numbers
  • Medical record numbers
  • Certificate/license numbers
  • Device identifiers and serial numbers
  • Vehicle information and serial numbers such as license plates
  • Web addresses
  • Internet protocol addresses
  • Biometric identifiers (e.g. retinal scans, fingerprints)
  • Full-face photographs and identical images
  • Any unique identifying number, attribute or code

If any of the above unique identifiers are removed, then the information can no longer be considered protected health information. However, the information is still considered “protected” under the 1981 Common Rule.
