Protected Health Information (PHI) refers to any information that is created, received, stored, or transmitted by a covered entity or its business associate, which relates to the past, present, or future physical or mental health or condition of an individual, the provision of healthcare to an individual, or the past, present, or future payment for the provision of healthcare to an individual. PHI is information that can be used to identify a patient and is protected under the Health Insurance Portability and Accountability Act (HIPAA).

Data Elements Considered PHI

The following data elements are considered PHI if they are related to health information:

  1. Name: Full name, or last name and initial.
  2. Geographic Identifiers: All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code (except for the initial three digits if certain conditions are met), and equivalent geocodes.
  3. Dates: All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89.
  4. Telephone Numbers
  5. Fax Numbers
  6. Email Addresses
  7. Social Security Numbers
  8. Medical Record Numbers
  9. Health Plan Beneficiary Numbers
  10. Account Numbers
  11. Certificate/License Numbers
  12. Vehicle Identifiers and Serial Numbers: Including license plate numbers.
  13. Device Identifiers and Serial Numbers
  14. Web URLs
  15. Internet Protocol (IP) Addresses
  16. Biometric Identifiers: Including fingerprints and voiceprints.
  17. Full-Face Photographic Images: Including any comparable images.
  18. Any Other Unique Identifying Number, Characteristic, or Code: This includes any other information that can be used to identify an individual directly or indirectly when combined with other data.

Examples of PHI in Practice

  • Medical Records: Information within medical records such as diagnosis, treatment plans, test results, and medication history.
  • Billing Information: Details included in billing statements and insurance claims.
  • Communications: Email exchanges between healthcare providers and patients that include health-related information.
  • Appointment Schedules: Information about the timing of patient visits.

In essence, any piece of information that can be used to identify an individual in a healthcare context and is related to their health status, care, or payment for care is considered PHI under HIPAA regulations. Protecting this information is crucial to maintaining patient confidentiality and complying with federal regulations.