What is Protected Health Information (PHI)?
PHI is individually identifiable health information held or transmitted by a covered entity or its business associate, protected under HIPAA regulations.
Protected Health Information (PHI) under HIPAA includes any individually identifiable health information that relates to an individual's past, present, or future physical or mental health condition, the provision of healthcare, or payment for healthcare. PHI can exist in any form—electronic (ePHI), paper, or oral.
PHI includes 18 specific identifiers defined by HIPAA: names, geographic data smaller than a state, dates related to an individual, phone and fax numbers, email addresses, Social Security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, vehicle identifiers, device identifiers, web URLs, IP addresses, biometric identifiers, full-face photographs, and any other unique identifying number.
Relevant Regulations
How IQWorks Helps
Related Terms
Personally Identifiable Information (PII)
PII is any information that can be used to identify a specific individual, including names, addresses, email addresses, phone numbers, Social Security numbers, and biometric data.
Sensitive Personal Data
Sensitive personal data includes special categories such as health information, biometric data, racial or ethnic origin, religious beliefs, and sexual orientation that require enhanced protection.
Data Classification
Data classification is the process of categorizing data by sensitivity level, type, and regulatory applicability to determine appropriate protection measures and handling procedures.