Protected Health Information (PHI) is basically the personally identifiable health information that is protected and regulated by the Health Insurance Portability and Accountability Act, better known as HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) was filed or rather written 20 years ago when smartphones were a distant reality.

Therefore, everything related to this act was penned down for mostly an analog world of physical X-rays and even paper files. And in today’s era of wearables, genetic sequencing, health apps, and much more, getting a proper and precise definition of PHI can be quite difficult to understand, especially for the developers who are trying to parse or figure out whether they need to be HIPAA compliant or not.

Through this post, we hope to provide a clearer picture of what exactly is PHI or Protected Health Information and what is not considered PHI. And hopefully, you as a healthcare software developer will be able to use the below-mentioned information as a reference while you are determining if all the information that you are collecting for your digital health solution fall under PHI or not.

Covered Entities and Business Associates
Before we proceed further to talk about the definition of PHI, what information constitutes PHI and what doesn’t, let’s first understand two major definitions under HIPAA and those are – Business Associates and Covered Entities.

Covered Entities

A covered entity is basically a person who provides treatment, payment, as well as the operations in the healthcare sector. According to the U.S. Department of Health & Human Services (HHS), healthcare providers, health plans, and healthcare clearinghouses fall under the covered entities. The healthcare providers usually include doctors, clinics, dentists, psychologists, nursing homes, pharmacies, chiropractors, and last but not the least, the hospitals.

Health plans include the health insurance companies, company health plans, HMOs, Medicare & Medicaid. In fact, schools and employers that handle the PHI in order to enroll their employees and students in any sort of health plan also fall under the definition of a Health Plan.

Here’s a complete list of entities that come under covered entities. Please take a look.

Dental and doctors’ offices, clinics, psychologists
Insurance companies, health plans, HMOs
Pharmacies, nursing homes, home healthcare agencies or hospitals
Healthcare clearinghouses
Government programs that contribute towards healthcare
The Definition of Protected Health Information (PHI)?
PHI stands for Protected Health Information, which is any information that is related to the health status of an individual. This can include the provision of health care, medical record and/or payment for the treatment of a particular patient and can be linked to him or her. The term “information” can be interpreted in a very broad category and the main phrase, in this case, is “that can be linked to a specific individual”.

PHI differs from PII (Personally Identifiable Information). The latter is considered as a legal definition – PII is generally used to identify an individual uniquely. This is mostly used when the condition or illness is rare.

What is ePHI?

ePHI stands for electronic protected health information which is PHI transferred, received or simply saved in an electronic form. The types of ePHI include patient names, fingerprints, addresses, social security numbers, email addresses, and photographic images. Along with this information, past medical records are also kept private.

Read More About Protected Health Information (PHI).

What is PHI and What is Not PHI? - Mobisoft Infotech
1.35 GEEK