Protected Health Information (PHI)

What is protected health information (PHI)?

PHI stands for protected health information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients various rights concerning that information.

PHI and electronically protected health information (ePHI) mean any identifiable data about the patient, including:

  • Name
  • Address
  • Date of birth
  • Social security number
  • Device identifiers
  • Email addresses
  • Biometrics
  • Lab or imaging results
  • Medical history
  • Payment information

PHI is a subset of personally identifiable information (PII) that refers explicitly to information processed by HIPAA-covered entities. When health information is combined with a personal identifier, the data becomes PHI.

The requirements for processing PHI help protect patient privacy and allow making care coordination easier. The HIPAA Privacy Rule ensures that PHI is shared and used only with patient permission or for care coordination between covered entities. Identifiable health information is not considered PHI unless that organization is a HIPAA-covered entity.

Learn more about HIPAA-compliant analytics and marketing:


  • PHI and PII

    PHI and PII: How they impact HIPAA compliance and your marketing strategy

    Personally identifiable information (PII) and protected health information (PHI) may seem similar. However, there are critical distinctions between the two. While PII is a catch-all term for any information that can be associated with an individual, PHI applies specifically to HIPAA-covered entities dealing with identifiable patient information. Keeping HIPAA compliant and protecting patient information requires…

  • How can healthcare organizations benefit from using a customer data platform (CDP)

    Like many industries, healthcare has been undergoing significant change and is under immense pressure. Patients expect personalized healthcare experiences, but are increasingly aware of their privacy rights and demand that their data is safe and not misused. Healthcare providers have been seeking ways to connect, scale, and leverage customer data more effectively to meet consumers’…