Protected Health Information (PHI)

What is protected health information (PHI)?

PHI stands for protected health information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients various rights concerning that information.

PHI and electronically protected health information (ePHI) mean any identifiable data about the patient, including:

  • Name
  • Address
  • Date of birth
  • Social security number
  • Device identifiers
  • Email addresses
  • Biometrics
  • Lab or imaging results
  • Medical history
  • Payment information

PHI is a subset of personally identifiable information (PII) that refers explicitly to information processed by HIPAA-covered entities. When health information is combined with a personal identifier, the data becomes PHI.

The requirements for processing PHI help protect patient privacy and allow making care coordination easier. The HIPAA Privacy Rule ensures that PHI is shared and used only with patient permission or for care coordination between covered entities. Identifiable health information is not considered PHI unless that organization is a HIPAA-covered entity.

Learn more about HIPAA-compliant analytics and marketing:


  • EU hosting vs. EU sovereignty: Why the difference matters for privacy-first analytics

    As EU-US data transfer tensions continue to evolve, driven by legal uncertainties and heightened regulatory scrutiny, organizations are under increasing pressure to make informed decisions about where and how their analytics data is stored. The collapse of previous data transfer frameworks and the uncertain future of the current EU-U.S. Data Privacy Framework have made one…

  • Why Shopify stores need privacy-compliant analytics

    Shopify store owners depend on analytics to track sales, understand customer behavior, and measure marketing performance. However, as privacy regulations like GDPR, CCPA, and the ePrivacy Directive evolve — and as consumers become more aware of how their data is used — traditional analytics platforms pose increasing risks. Tools that rely on third-party cookies and…