Protected Healthcare Information (PHI)

What Is Protected Healthcare Information (PHI)

Protected Health Information (PHI) is any information about an individual's health or healthcare that is created, used, or disclosed by a healthcare provider, health plan, or any other healthcare-related entity. PHI includes a wide range of information, such as medical records, diagnoses, treatment plans, and billing information. It is important for healthcare providers to handle PHI in a responsible and secure manner in order to protect the privacy of individuals.

PHI and HIPAA

PHI is protected under the Health Insurance Portability and Accountability Act (HIPAA), a federal law that sets standards for the confidentiality, security, and integrity of PHI. HIPAA applies to covered entities, such as hospitals, clinics, and insurance companies, as well as their business associates, who handle PHI on behalf of the covered entities. HIPAA requires covered entities to implement safeguards to protect the privacy of PHI, and imposes penalties for HIPAA violations, such as fines and criminal charges.

In addition to protecting the privacy of individuals, HIPAA also gives individuals certain rights with respect to their PHI. These include the right to request copies of their medical records, and to request that their PHI be amended or corrected. HIPAA also requires covered entities to provide individuals with a Notice of Privacy Practices, which explains their rights and the covered entity's obligations under HIPAA.

Types of HIPAA Protected Health Information (PHI) Identifiers

Below are the 18 types of HIPAA protected health information (PHI) identifiers that must be treated with special care. They qualify as PHI according to guidance from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

  1. Names
  2. Addresses, including subdivisions smaller than a state, such as a street address, city, county, or ZIP code
  3. Any dates (other than years) that are directly related to an individual. This includes birthday, date of death, date of admission or discharge, or the exact age of individuals who are older than 89
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP addresses
  16. Biometric identifiers, such as fingerprints or voice prints
  17. Full-face photos and any comparable images
  18. Any other unique identifying numbers, characteristics, or codes

Examples of Protected Health Information (PHI)

Here's a breakdown of some specific examples of PHI:

A patient's X-ray or MRI scan.

A doctor's progress notes detailing a patient's condition and treatment.

A lab report containing a patient's test results.

A patient's medical bill, including details about the services provided and their cost.

A conversation between a patient and their doctor about a health concern.

Conclusion

Overall, PHI is sensitive information about an individual's health or healthcare that is protected under HIPAA. HIPAA sets standards for the confidentiality, security, and integrity of PHI, and gives individuals certain rights with respect to their health information. It is important for healthcare providers and other covered entities to handle PHI in accordance with HIPAA requirements in order to protect the privacy of individuals.
