That is one of the first questions that comes up about Private Health Information, often referred to as PHI. Just what do we mean by PHI?
Here’s the short answer from the Feds:
PHI includes any individually identifiable health information held or transmitted by an organization required to follow HIPAA rules. Organizations required to protect such information in any form — paper or electronic — include residential providers and their vendors and/or consultants.
PHI includes information that relates to:
• An individual’s past, present, or future physical or mental health or condition;
• The provision of health care to the individual; or
• The past, present, or future payment for the provision of health care to the individual.
PHI also includes many common identifiers, such as name, address, birth date, and Social Security Number.
Source: May 2015 fact sheet from the Centers for Medicare & Medicaid Services, titled HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules