Protected Health Information or PHI is a term used to describe data that can be used to identify individuals and that was created in the context of healthcare services.
Typical Examples of PHI
- Specific details of healthcare providers.
- Financial information regarding payments in the context of healthcare.
- Details of diagnosis of treatments provided to an individual.
- Geographical or location identifiers.
- Contact details such as names, addresses, initials, phone numbers, email addresses, etc.
- Payment information such as bank account numbers, credit information, or payment information in general.
- Biometric identifiers such as fingerprints, genetic information, voiceprints, and retinal data.
The basic rule to identify PHI information is that any data related to the individual patient or that was utilized during the healthcare service is to be considered PHI.
Non-PHI is data generated during the process but does not provide any specifics about the individuals, or that cannot be traced back to its source. Examples of this are heart rate monitor patterns, temperature scans, anonymized blood test results, and so on.
PHI information is generally created every time an individual uses healthcare systems that store digital information about the individual and the process being undertaken. This information is then stored in data repositories, which need to be adequately secured. The PHI information can be stored as text documents for forms, diagnosis, in the format of tabular data in data warehouses for transactional payment information and appointments, or data lakes for unstructured data such as MRIs, X-rays, and other image medical diagnosis systems.
When this data is stored in a digital format, it is often called ePHI. This term refers to any PHI information sent through digital systems and is regulated by the HIPAA Security Rule. The HIPAA Security Rule seeks to provide a framework for the proper and secure usage of PHI data by implementing management, physical and technical safeguards to ensure the quality and integrity of the data.