What is PHI?

As per HIPAA compliance, PHI (Protected Health Information) is a category of information that includes all individually-identifiable health information such as personal info (name, address, date of birth, etc.), health status, past medical record, and health care payments. According to the HIPAA Privacy Rule, forms of PHI can be oral, written, or electronic.

Protected Health Information Disclosure

PHI is protected in the sense that it is forbidden to use or disclose except in narrowly authorized circumstances. For example, PHI can be used when doctors need patient data to perform their job, in emergency situations, and when treatment occurs in collaboration with other health providers or associates. PHI is not protected when attached to large data sets that have had personally-identifiable information removed or obscured, as in medical research.

What is Electronic Protected health information (ePHI)?

Any PHI data that is created, transmitted, received, or stored electronically is referred to as Electronic PHI (ePHI) and must be handled with the appropriate security controls in compliance with HIPAA Security Rule requirements. Unauthorized use or disclosure of PHI or ePHI by Covered Entities (e.g. hospitals, doctors, health insurance companies) and Business Associates (third-parties such as cloud billing services) brings the risk of severe civil and criminal penalties.

Types of PHI

For reference, the 18 types of information that are classified as PHI are:
  1. Name
  2. Address
  3. Dates (of appointments, payments, etc.)
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan / insurance beneficiary number
  10. Account number
  11. Certificate / license number
  12. Any vehicle identifiers (e.g. license plate number)
  13. Device identifiers and serial numbers
  14. Web URLs (Links)
  15. Internet Protocol (IP) address
  16. Biometric identifiers (finger / retinal / voice)
  17. Photographic images
  18. Any other characteristic that may be used to uniquely identify the individual

Understanding PHI in written or verbal form

Related Terms and Resources