Protected Health Information (PHI)

Any individually identifiable health information that is created, received, maintained, or transmitted by a HIPAA-covered entity or business associate.

Also known as: PHI, Health Information

What is Protected Health Information?

Protected Health Information (PHI) is any health information that can be linked to a specific individual and is created, received, maintained, or transmitted by a covered entity or business associate. PHI is protected under HIPAA regulations.

What Constitutes PHI

Health information combined with any of the following 18 identifiers:

  1. Names
  2. Geographic data smaller than state
  3. Dates (except year)
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers
  13. Device identifiers and serial numbers
  14. Web URLs
  15. IP addresses
  16. Biometric identifiers
  17. Full-face photographs
  18. Any other unique identifying number

PHI vs. ePHI

PHI: Any form (paper, verbal, electronic)

ePHI: Electronic PHI specifically

De-identification Methods

Safe Harbor: Remove all 18 identifiers

Expert Determination: Statistical/scientific verification
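As an added illustration of the Safe Harbor approach (example code written for this entry, not part of any HIPAA guidance or tooling), the following Python applies this page's rules to a constructed record: fields holding names, medical record numbers and sub-state geography are dropped, dates are reduced to the year, pattern-matched phone numbers, email addresses and dates are scrubbed from free text, and a verification pass reports anything still matching. The record layout, field names and regular expressions are assumptions for this example.

```python
import re
from datetime import date

# Constructed sample record (not real data); field names are assumed for this example.
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "dob": "1984-03-17",
    "admit_date": "2023-11-02",
    "city": "Springfield",
    "state": "IL",
    "zip": "62701",
    "mrn": "MRN-00012345",
    "diagnosis": "Type 2 diabetes",
    "notes": "Patient Jane Doe (555-123-4567, jane@example.com) seen 2023-11-02.",
}

# Direct identifiers and geography smaller than state (city, zip) are dropped outright.
DROP_FIELDS = {"name", "mrn", "zip", "city"}
DATE_FIELDS = {"dob", "admit_date"}  # reduced to the year only

# Identifier classes from the 18-item list that commonly hide in narrative text.
TEXT_PATTERNS = {
    "PHONE": re.compile(r"\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "DATE": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),
}

def redact_text(text: str, names: list[str]) -> str:
    """Replace pattern-matched identifiers and the record's own names with tags."""
    for tag, pattern in TEXT_PATTERNS.items():
        text = pattern.sub(f"[{tag}]", text)
    for name in names:
        text = re.sub(re.escape(name), "[NAME]", text, flags=re.IGNORECASE)
    return text

def safe_harbor_deidentify(record: dict) -> dict:
    """Drop direct identifiers, keep only the year of dates, scrub free text."""
    names = [record["name"]] if "name" in record else []
    out = {}
    for key, value in record.items():
        if key in DROP_FIELDS:
            continue
        if key in DATE_FIELDS:
            out[key] = str(date.fromisoformat(value).year)
        else:
            out[key] = redact_text(value, names) if isinstance(value, str) else value
    return out

def residual_identifiers(record: dict) -> list[str]:
    """Verification pass: report every field where a text pattern still matches."""
    return [f"{key}:{tag}" for key, val in record.items() if isinstance(val, str)
            for tag, pat in TEXT_PATTERNS.items() if pat.search(val)]
```

Pattern matching only catches the identifier classes it is written for; a real pipeline must cover all 18 classes and the full regulatory detail that this entry summarises, or rely on Expert Determination instead.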

PHI Handling Requirements

  • Minimum necessary standard
  • Access controls
  • Encryption (especially ePHI)
  • Audit trails
  • Business Associate Agreements
  • Breach notification procedures