What is Considered PHI under HIPAA?


Protected health information, known as PHI, is any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity. Any information about an individual's or patient's past, present, or future physical or mental health, and the provision of any healthcare, comes under PHI. Other information such as healthcare billing, demographic data, conversations between doctors and nurses about treatment, and health insurance details that identify the individual concerned are also specified as PHI under HIPAA.


It should be remembered that it is not only past and present health records or data that are considered PHI under the HIPAA regulations; any information about an individual's future health conditions or physical and mental health, and even future payment for treatment, is also considered PHI. Nor is PHI limited to physical or written records: health information in any shape or form, including physical records, electronic records, or verbal data, comes under PHI.

So we can say that any health care information, patient medical histories, lab test results, and medical bills come under PHI. Basically, all health records and medical information are considered PHI when they feature individual identifiers.

PHI includes information about the following classes:

  1. The individual patient.
  2. Household members of the patient.
  3. Relatives of the patient.
  4. Employers of the patient.

Under HIPAA there are eighteen unique identifiers that make health information PHI. They are listed below:

  • Names
  • Geographic data
  • Dates, except year
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers including license plates
  • Web URLs
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full face photos and comparable images
  • Biometric identifiers (e.g. retinal scan, fingerprints)
  • Any unique identifying number or code

To tell exactly which data or information comes under PHI, we can say that it is any record containing information that might identify an individual, together with health-related information.

HIPAA covered entities and their business associates also need to secure, safeguard, and protect this PHI to ensure its confidentiality, integrity, and availability, as stated in the HIPAA Security Rule. If an agency or its business associates fail to protect this data and a data breach occurs, that agency can face heavy penalties and fines.
