What is PHI under HIPAA?

Protected health information (PHI) is health information in any form: physical, electronic, or verbal. PHI is any identifiable health information that is used, maintained, stored, or transmitted by a Covered Entity (healthcare providers, health plans, insurers, etc.) or Business Associate (IT service providers, attorneys, billing services, evaluation services, etc.).

Quick Tip: If your data includes individual or demographic identifiers, consider it PHI.

The U.S. Department of Health & Human Services (HHS) has published a comprehensive list of the 18 established identifiers that make health information PHI. One or more of these identifiers turns health information into PHI.

  1. Names
  2. Dates, except year
  3. Telephone numbers
  4. Geographic data
  5. Fax numbers
  6. Social Security numbers
  7. Email addresses
  8. Medical record numbers
  9. Account numbers
  10. Health plan beneficiary numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers including license plates
  13. Web URLs
  14. Device identifiers and serial numbers
  15. Internet protocol addresses
  16. Full face photos and comparable images
  17. Biometric identifiers (e.g., retinal scans, fingerprints)
  18. Any unique identifying number or code
