What is meant by PHI in HIPAA?
PHI in HIPAA stands for protected health information. PHI is any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity.
Healthcare organizations such as health plans, healthcare clearinghouses, and their business associates or third-party service providers have access to an individual's protected health information (PHI). PHI falls under the HIPAA Privacy Rule, and it is the responsibility of these covered entities to protect and safeguard it.
Any information that is linked to an individual's or patient's past, present, or future physical or mental health, or to the provision of any healthcare, comes under PHI. Even conversations between doctors and nurses that take place during treatment fall under PHI.
Other information, such as healthcare billing, demographic data, and health insurance details that identify the individual concerned, is also specified as PHI under HIPAA.
Before we can talk about PHI examples, we first need to discuss two important definitions in HIPAA: Covered Entities and Business Associates.
According to the U.S. Department of Health & Human Services (HHS), healthcare providers, health plans, and healthcare clearinghouses are all Covered Entities. Those who provide treatment to patients and carry out financial transactions and billing in healthcare are also covered entities under HIPAA.
Covered Entities include:
- Doctors’ offices, dental offices, clinics, psychologists
- Nursing homes, pharmacies, hospitals or home healthcare agencies
- Health plans, insurance companies, HMOs
- Government programs that pay for healthcare
- Healthcare clearinghouses
Any vendors to healthcare organizations or agencies that have access to PHI are considered business associates. Anyone who uses or discloses PHI on behalf of a Covered Entity is also a business associate under HIPAA. Data storage or document storage services that give an individual access to share their data with the Covered Entity, and electronic health information exchanges, also fall under business associates.
Under HIPAA there are eighteen unique identifiers that make health information PHI, and they are listed below:
- Geographic data
- All elements of dates
- Telephone numbers
- FAX numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plates
- Device identifiers and serial numbers
- Web URLs
- Internet protocol addresses
- Biometric identifiers (e.g., retinal scans, fingerprints)
- Full face photos and comparable images
- Any unique identifying number, characteristic or code
Any record containing information that might identify an individual, together with health-related information, is regarded as PHI.