Protected Health Information (PHI)

What is protected health information (PHI)?

PHI stands for protected health information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients various rights concerning that information.

PHI and electronically protected health information (ePHI) mean any identifiable data about the patient, including:

• Name
• Address
• Date of birth
• Social security number
• Device identifiers
• Email addresses
• Biometrics
• Lab or imaging results
• Medical history
• Payment information

PHI is a subset of personally identifiable information (PII) that refers explicitly to information processed by HIPAA-covered entities. When health information is combined with a personal identifier, the data becomes PHI.

The requirements for processing PHI help protect patient privacy and allow making care coordination easier. The HIPAA Privacy Rule ensures that PHI is shared and used only with patient permission or for care coordination between covered entities. Identifiable health information is not considered PHI unless that organization is a HIPAA-covered entity.

There are many different demands for compliant marketing and analytics under HIPAA; read more:

• Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
• HIPPA privacy guidance on marketing

You may also like:

• How PHI and PII impact your HIPAA compliance and marketing
• Is Google Analytics HIPAA-compliant?
• Is your analytics project HIPAA-compliant? A complete checklist with 32 questions