Protected health information (PHI) is health information in any form – physical, electronic, or verbal information. PHI is any identifiable health information that is used, maintained, stored, or transmitted by a Covered Entity (healthcare providers, health plans, insurers, etc.) or Business Associate (IT service providers, attorneys, billing services, evaluation services, etc.).

Quick Tip: If your data includes individual or demographic identifiers consider it PHI.

The U.S. Department of Health & Human Services (HHS) has published a comprehensive list of the 18 established identifiers that make health information PHI. One or more of these identifiers turns health information into PHI.

1. Names
2. Dates, except year
3. Telephone numbers
4. Geographic data
5. FAX numbers
6. Social Security numbers
7. Email addresses
8. Medical record numbers
9. Account numbers
10. Health plan beneficiary numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers including license plates
13. Web URLs
14. Device identifiers and serial numbers
15. Internet protocol addresses
16. Full face photos and comparable images
17. Biometric identifiers (i.e. retinal scan, fingerprints)
18. Any unique identifying number or code

Share this article: