What is PHI?
What is "protected health information" (PHI) and "electronic protected health information" (ePHI) under HIPAA?
Protected health information (PHI) – Information created, transmitted, received or maintained by UMass Chan, including demographic information, related to the:
• Past, present, or future physical or mental health or condition of an individual;
• Provision of health care to an individual; or
• Past, present, or future payment for the provision of health care to an individual;
together with any of the identifiers in the list below.
Note: Information for deceased individuals continues to be PHI until the individual has been deceased for more than 50 years.
Electronic protected health information (ePHI) – PHI that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other electronic form or medium.
Under the HIPAA Privacy Rule, protected health information (PHI) refers to individually identifiable health information. Individually identifiable health information is that which can be linked to a particular person. Specifically, this information can relate to:
- The individual's past, present or future physical or mental health or condition,
- The provision of health care to the individual, or
- The past, present, or future payment for the provision of health care to the individual.
Common identifiers of health information include names, social security numbers, addresses, and birth dates.
• Names (of patients, relatives, or employers)
• Social security numbers
• Device identifiers and serial numbers
• All geographic subdivisions smaller than a State
• Medical record numbers
• Web Universal Resource Locators (URLs)
• All elements of dates (except year) including birth date, admission date, discharge date, date of death; and all ages over 89
• Health plan beneficiary numbers
• Internet Protocol (IP) address numbers
• Telephone numbers
• Account numbers
• Biometric identifiers, including finger and voice prints
• Fax numbers
• Certificate/license numbers
• Full face photographic images and any comparable images
• Electronic mail addresses
• Vehicle identifiers and serial numbers, including license plate numbers
• Any other unique identifying number, characteristic, or code
PHI does not include information maintained about an individual by UMass Chan for employment purposes, such as employee health records.
The HIPAA Security Rule applies to individually identifiable health information in electronic form, that is, electronic protected health information (ePHI). It is intended to protect the confidentiality, integrity, and availability of ePHI when it is stored, maintained, or transmitted.