HIPAA Security Reminder – What is Protected Health Information (PHI)?

This entry is part 5 of 19 in the series HIPAA Security Reminders

The Health Insurance Portability and Accountability Act (HIPAA) mandated the adoption of Federal privacy and security regulations for protected health information (PHI). PHI is individually identifiable health information which is created or received by a health care provider, health plan, or health care clearinghouse. Such information relates to the past, present or future physical health, mental health or condition of an individual AND can be directly tied to an individual.

PHI either identifies or could be used to identify the individual and has been transmitted or maintained in any form or medium (electronic, paper or oral).

The regulations define eighteen fields, listed below, that can be used to identify individuals:

  1. Names
  2. Geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code and equivalent geocodes
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locator (URL)
  15. Biometric identifiers, including finger or voice prints
  16. Full face photographic images and any comparable images
  17. IP address
  18. Any other unique identifying number, characteristic or code

The complete HIPAA Privacy and Security regulations are here.

4 Responses to “HIPAA Security Reminder – What is Protected Health Information (PHI)?”
  1. Jon Stone 30 June 2011 at 9:14 pm #

    Test Comment to see how comments work. 

     

    Jon Stone

  2. Greg 7 March 2012 at 3:18 pm #

    Just wondering. Confusing with HIPAA. I have an ID card that has my name and member number on it. Is that info on the card considered PHI?
