What is Protected Health Information (PHI)?

Table of contents

  1. What is a covered entity?
  2. What is a business associate?
  3. What is the definition of protected health information (PHI)?
  4. What are some examples of protected health information (PHI)?
  5. What is ePHI?
  6. What is not considered protected health information (PHI)?
  7. What is PHI used for?
  8. What is de-identification and anonymization?
  9. What are the data protection requirements of protected health information (PHI)?
  10. Should healthcare organizations invest in cybersecurity?
  11. How UpGuard can prevent protected health information (PHI) data breaches and data leaks

1. What is a covered entity?

  • Healthcare providers: hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes and pharmacies
  • Health plans: health insurance companies, health maintenance organizations, company health plans, Medicare and Medicaid
  • Healthcare clearinghouses: organizations that take in information from a healthcare entity, standardize the data and then provide the information to another healthcare entity

2. What is a business associate?

3. What is the definition of protected health information (PHI)?

4. What are some examples of protected health information (PHI)?

  1. Names
  2. All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the U.S. Bureau of the Census, the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people are changed to 000
  3. Dates (other than year) directly related to an individual
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Uniform Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including finger, retinal and voice prints
  17. Full face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
  • Billing information
  • Emails
  • Appointment scheduling apps
  • MRI scans
  • Blood test results
  • Phone records
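
The zip code and date rules in items 2 and 3 of the numbered list above, as an added example that is not part of the original article. The field names, the sample record and the contents of `SPARSE_ZIP3` are constructed assumptions; it handles structured fields only.

```python
import re

# Constructed sample values, NOT the real list: three-digit ZIP prefixes whose
# combined population is 20,000 or fewer must be derived from current Census data.
SPARSE_ZIP3 = {"036", "059"}

# Hypothetical field names for identifiers that are dropped outright.
DROP_FIELDS = {"name", "phone", "fax", "email", "ssn", "mrn", "ip_address", "url"}


def generalize_zip(zip_code, sparse_zip3=SPARSE_ZIP3):
    """Item 2: keep only the first three digits, or 000 for sparse areas."""
    digits = re.sub(r"\D", "", str(zip_code or ""))
    if len(digits) not in (5, 9):
        return "000"  # malformed input: fail closed rather than pass it through
    prefix = digits[:3]
    return "000" if prefix in sparse_zip3 else prefix


def generalize_date(value):
    """Item 3: reduce an ISO date (YYYY-MM-DD) to its year; None if unparseable."""
    match = re.fullmatch(r"(\d{4})-\d{2}-\d{2}", str(value or "").strip())
    return match.group(1) if match else None


def deidentify(record):
    """Apply both rules to one structured record (free-text fields are not scanned)."""
    out = {}
    for key, value in record.items():
        if key in DROP_FIELDS:
            continue
        if key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key.endswith("_date"):
            out[key[:-5] + "_year"] = generalize_date(value)
        else:
            out[key] = value
    return out


# Constructed sample record.
SAMPLE = {"name": "Jane Roe", "ssn": "000-00-0000", "zip": "03601-1234",
          "admission_date": "2021-03-14", "diagnosis_code": "E11.9"}

if __name__ == "__main__":
    print(deidentify(SAMPLE))
```

Unparseable zip codes collapse to `000` and unparseable dates to `None`, so a malformed value is never copied into the output unchanged.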

5. What is ePHI?

  • Personal computers used at home, work or travel
  • External hard drives
  • Magnetic tape
  • Removable storage such as USB drives, CDs, DVDs and SD cards
  • Smartphones and other smart devices
  • Email
  • File transfer and cloud storage solutions

6. What is not considered protected health information (PHI)?

  • Data can identify the patient
  • Data is used or disclosed by a covered entity during the course of care

7. What is PHI used for?

8. What is de-identification and anonymization?

9. What are the data protection requirements of protected health information (PHI)?

10. Should healthcare organizations invest in cybersecurity?

11. How UpGuard can prevent protected health information (PHI) data breaches and data leaks
