Chapter 5: What Is PHI?
The National Institutes of Health defines PHI as “individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral or paper) by a covered entity or its business associates, excluding certain educational and employment records.”
- Includes medical records.
- Includes financial records.
- The HIPAA Privacy Rule covers PHI in electronic, paper or oral formats. PHI is any information that is created or received by a health care provider, health plan, employer or health care clearinghouse and that relates to the past, present or future physical or mental health condition of an individual, or to past, present or future payment for health purposes for an individual. The Privacy Rule also specifies how patient information is used and disclosed. The HIPAA Security Rule applies to electronic PHI. It protects any information of an individual that can be transmitted electronically.
Types of PHI include:
- Any item which includes information about care given for physical and/or mental well-being of an individual
- Notes, charts or any paperwork pertaining to doctor, hospital or clinic visits
- Enrollment in any health plans or other health programs associated with health care
- Any health care payments or claims
How a consumer’s PHI is used:
- For treatment purposes
- For an individual’s care
- With members of their family, relatives or friends who they indicate can have access
- For public health purposes – reportable diseases that cause public outbreaks (e.g., anthrax)
- Payment to doctors or hospitals providing the individual’s care
- Information to police to make reports in various cases related to an individual’s health