Understanding PHI
- Individually identifiable information
- Demographics
- Any form or medium
- Oral
- Written
- Electronic
PHI is any and all information about an individual's physical or mental health that identifies the individual, or there is a reason to believe the information could identify them. This includes any type of information found in the medical and billing record, such as a history and physical exam, diagnoses, progress notes, and so forth.
PHI includes demographic information such as name, address, phone and fax number, email address, date of birth, social security number, relative names, photographs, – basically any type of information that could identify the individual.
Protected health information may be in any form. Traditionally, policies have been developed to protect written information, such as the medical and billing record and security measures put in place for the electronic health record and databases. In addition to written and electronic information, we must protect the privacy of information that is communicated orally as well.
As a rule of thumb, private information that you see, hear, or say must be kept confidential and can only be used or disclosed for specific purposes related to an individual's treatment, related to payment for the services they received, or related to the operations of the health care organization.