What is PHI Under HIPAA? Requirements for Compliance
Welcome to our list of commonly used security and compliance terms.
PHI stands for Protected Health Information.
PHI is protected under the Health Insurance Portability and Accountability Act (HIPAA), and includes any health data created, transmitted, or stored by a HIPAA-covered entity and its business associates. It includes electronic records (ePHI), written records, lab results, x-rays, bills — even verbal conversations that include personally identifying information.
PHI is protected by the HIPAA Privacy Rule, which requires covered entities and their business associates to establish safeguards to maintain the security and confidentiality of protected health information.
The US Department of Health and Human Services (HHS) defines 18 key identifiers that determine whether the information is classified as PHI: