Protected Health Information (PHI)
What is protected health information (PHI)?
Protected health information (PHI), as defined by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, relates to the past, present, or future health of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual.
Essentially, PHI is individually identifiable health information held or transmitted by a HIPAA-covered entity or business associate. The HIPAA Privacy Rule governs the use of, access to and disclosure of PHI in the United States.
Electronic health information is classified as PHI and is commonly referred to as ePHI.
What is considered protected health information (PHI)?
Examples of protected health information include demographic information, medical histories, test and laboratory results, mental health conditions, prescription data, insurance information, billing information, and other types of data collected by healthcare organizations to identify and provide care or services. This data must be held or transmitted by a HIPAA-covered entity or its business associate, in any form or media, whether electronic, paper or oral, to be considered PHI.