Share this article on:
The term PHI is commonly used in connection with health data, but what does PHI stand for, and what information is included in the definition of PHI?
What Does PHI Stand For?
PHI is an acronym of Protected Health Information. The term is commonly referred to in the Health Insurance Portability and Accountability Act (HIPAA).
The word protected means the health information is covered by the HIPAA Privacy and Security Rules, which require HIPAA-covered entities – healthcare providers, health plans, and healthcare clearinghouses – and their business associates, to implement administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of identifiable health information. PHI is a broad term covering health information in all forms, while ePHI is specific to electronic forms of health information.
PHI includes demographic information, medical histories, test results, diagnoses, medications prescribed, and any other information that is used to determine the types of care that should be given to patients, information related to the payment for medical services, as well as information that is used to identify patients – medical record numbers, insurance identifiers, Social Security numbers, and other unique identifiers.
PHI includes any health information that is created, received, stored, or transmitted by HIPAA-covered entities for which the Department of Health and Human Services has adopted standards. The term applies to past, present, and future physical and mental health information and details of medical conditions.
PHI does not include information in education records, and neither information held by a HIPAA-covered entity in its capacity as an employer.
PHI ceases to be PHI when it is stripped of information that can be used to identify an individual. The 18 identifiers that must be removed before PHI is considered de-identified are:
- Geographic data
- All elements of dates
- Telephone numbers
- FAX numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plates
- Device identifiers and serial numbers
- Web URLs
- Internet protocol addresses
- Biometric identifiers (i.e. retinal scan, fingerprints)
- Full face photos and comparable images
- Any unique identifying number, characteristic or code