Protected Health Information (PHI)

What is protected health information (PHI)?

PHI stands for protected health information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients various rights concerning that information.

PHI and electronically protected health information (ePHI) mean any identifiable data about the patient, including:

  • Name
  • Address
  • Date of birth
  • Social security number
  • Device identifiers
  • Email addresses
  • Biometrics
  • Lab or imaging results
  • Medical history
  • Payment information

PHI is a subset of personally identifiable information (PII) that refers explicitly to information processed by HIPAA-covered entities. When health information is combined with a personal identifier, the data becomes PHI.

The requirements for processing PHI help protect patient privacy and allow making care coordination easier. The HIPAA Privacy Rule ensures that PHI is shared and used only with patient permission or for care coordination between covered entities. Identifiable health information is not considered PHI unless that organization is a HIPAA-covered entity.

Learn more about HIPAA-compliant analytics and marketing:


  • What is protected health information (PHI)? A guide for healthcare marketers

    Quick summary What PHI is: Any individually identifiable health information created, received, maintained, or transmitted by a covered entity or its business associates Who it applies to: Healthcare providers, health plans, healthcare clearinghouses, and their business associates Why it matters for marketing: Marketing tools that collect or transmit PHI without a BAA create HIPAA compliance…

  • We checked 59 hospital websites. 73% kept tracking visitors after opt-out.

    A new study by Piwik PRO and Verified Data scanned 59 major US hospital and clinic websites for tracking and data compliance. The findings show just how common it is for major US healthcare websites to run marketing tools that weren’t built for a regulated environment. What we actually found Across the 59 scanned sites,…