In a healthcare environment, you are likely to hear health information referred to as protected health information or PHI, but what is considered PHI under HIPAA?
Under HIPAA PHI is considered to be any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity – A healthcare provider, health plan or health insurer, or a healthcare clearinghouse – or a business associate of a HIPAA-covered entity, in relation to the provision of healthcare or payment for healthcare services.
It is not only past and current health information that is considered PHI under HIPAA Rules, but also future information about medical conditions or physical and mental health related to the provision of care or payment for care. PHI is health information in any form, including physical records, electronic records, or spoken information.
Therefore, PHI includes health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual identifiers. Demographic information is also considered PHI under HIPAA Rules, as are many common identifiers such as patient names, Social Security numbers, Driver’s license numbers, insurance details, and birth dates, when they are linked with health information.
The 18 identifiers that make health information PHI are: