What is Protected Health Information (PHI)?
According to the US Department of Health and Human Services, PHI is "any individually identifiable information, whether oral or recorded, in any form or medium" that:
- is created or received by a health care provider, health plan, or health care clearinghouse (aka Covered Entity); and
- relates to past, present, or future physical or mental health conditions of an individual; the provision of health care to the individual; or past, present, or future payment for health care to an individual.
Data are "individually identifiable" if they include any of the 18 types of identifiers for an individual or for the individual's employer or family member, or if the provider or researcher is aware that the information could be used, either alone or in combination with other information, to identify an individual.
What are the individually identifiable data that can be used to identify an individual?
- Address (all geographic subdivisions smaller than state, including street address, city, county, or ZIP code)
- All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
- Telephone numbers
- Fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Any vehicle or other device serial number
- Device identifiers or serial numbers
- Web URL
- IP address
- Finger or voice prints
- Photographic images
- Any other unique identifying number, characteristic, or code
For more information on HIPAA/HITECH Compliance, please contact Brian Rosenfelt with Skoda Minotti Technology Partners by calling 440-449-6800.