What is Protected Health Information?

PHI, or Protected Health Information, is any information or data in a person's medical record that can be used to identify that person. It is the data that is created, used, or disclosed for the purpose of providing healthcare services to an individual.

In simpler words, PHI is the information in medical records that is personally identifiable. This may include a patient's conversations with a doctor or nurses regarding any medical treatment. It also includes billing information, as well as any patient-identifiable information that is saved in a health insurance company's computer system.

What is PHI Under HIPAA?

Under the Health Insurance Portability and Accountability Act (HIPAA), PHI refers to any patient-identifiable information that falls under the jurisdiction of the law.

If you work in healthcare, you will need to know what PHI is, since the HIPAA Security Rule restricts the disclosure of PHI and limits its uses. You need to follow the HIPAA compliance guidelines if you collect, store, or share PHI.

Here is the type of data that is considered PHI under HIPAA:

  • Information that is personally identifiable to an individual
  • Data that is disclosed to a HIPAA covered entity for healthcare services

For example, PHI may include:

  • Blood test results
  • MRI scan
  • Billing information
  • Telephonic conversation with a doctor or an email regarding the prescription needed
  • Appointment scheduling note with a healthcare service provider
  • Phone records

What is ePHI?

Electronic Protected Health Information (ePHI) refers to patient-identifiable health information that is created, transmitted, saved, or maintained electronically. This includes all PHI saved and recorded on mobile, desktop, web, or any other technology, such as in the form of text messages.

Any reputable HIPAA-compliant entity will implement the necessary security measures to ensure that the PHI it collects and stores remains confidential. These safeguards may include firewalls, encryption software, and keeping all physical records safely locked.