HIPAA & PHI: Understanding Health Information Privacy
What Is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is a U.S. law that:
- Enhances efficiency in healthcare.
- Protects sensitive patient health information.
- Grants patients rights over their health data.
The HIPAA Privacy Rule sets standards for how personal health information should be handled.
What Is PHI?
PHI stands for Protected Health Information: any personal health data that can identify an individual. This includes:
- Medical records & lab results
- Billing & insurance information
- Doctor-patient conversations
- Any data linked to personal identifiers
PHI is protected when it is handled by covered entities like hospitals, clinics, or insurance providers.
PHI Identifiers
Any of these makes information identifiable:
- Name
- Geographic subdivisions smaller than a state (e.g., street address, city, ZIP code)
- All elements of dates (except year) directly related to an individual (e.g., birth date, admission date)
- Telephone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web URLs
- IP addresses
- Biometric data (e.g., fingerprints)
- Full face photos
Once these are removed, the data is no longer considered PHI.
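An added example (not from the original page) of putting the list above into practice: a Python de-identification pass that drops the listed direct identifiers and sub-state geography, reduces dates to the year, and then re-scans free-text fields for identifier-shaped strings that often slip through. The field names, patterns and sample record are assumptions for illustration.

```python
import re

# Field names are assumptions for this example, mapped onto the identifier
# categories listed above. Direct identifiers are dropped outright.
DIRECT_IDENTIFIERS = {"name", "phone", "fax", "email", "ssn", "mrn", "beneficiary_id",
                      "account_number", "license_number", "vehicle_id", "device_id",
                      "url", "ip_address", "fingerprint", "face_photo"}
SUB_STATE_GEO = {"street", "city", "zip"}       # smaller than a state: dropped
DATE_FIELDS = {"birth_date", "admission_date"}  # reduced to the year only
# Identifier-shaped strings that commonly survive inside free-text fields.
LEAK_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def year_only(value: str) -> int:
    """Keep only the year of an ISO 'YYYY-MM-DD' date string."""
    m = re.fullmatch(r"(\d{4})-\d{2}-\d{2}", value)
    if not m:
        raise ValueError(f"unrecognised date: {value!r}")
    return int(m.group(1))

def safe_harbor_scrub(record: dict) -> tuple[dict, list[str]]:
    """Return (de-identified copy, names of fields removed or generalised)."""
    out, touched = {}, []
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS or field in SUB_STATE_GEO:
            touched.append(field)           # drop the whole field
        elif field in DATE_FIELDS:
            out[field] = year_only(value)   # keep the year, drop month and day
            touched.append(field)
        else:
            out[field] = value
    return out, touched

def find_residual_identifiers(record: dict) -> dict[str, list[str]]:
    """Flag free-text fields that still contain identifier-shaped strings."""
    hits: dict[str, list[str]] = {}
    for field, value in record.items():
        if isinstance(value, str):
            for kind, pat in LEAK_PATTERNS.items():
                if pat.search(value):
                    hits.setdefault(field, []).append(kind)
    return hits

# Constructed sample record (fictional, not real patient data).
SAMPLE = {"name": "Jane Example", "mrn": "MRN-000123", "birth_date": "1980-04-12",
          "admission_date": "2024-02-03", "city": "Springfield", "state": "IL",
          "diagnosis": "J45.909", "notes": "Follow up by email: jane@example.org"}
```

Running `safe_harbor_scrub(SAMPLE)` removes the structured identifiers, but `find_residual_identifiers` still flags the email address inside the notes field, which is why a field-level scrub alone is not enough.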
Why It Matters
HIPAA and PHI protections:
- Build trust with patients
- Help prevent identity theft
- Encourage responsible data sharing
- Protect healthcare organizations from penalties and lawsuits