Thank you for your participation!

Protected Health Information

What is PHI?

 Protected Health Information (PHI) is any information that can be used to identify an individual

What is ePHI?

 ePHI is electronic PHI.  This means any individually identifying information that is stored or transmitted electronically

Your Responsibility in Reference to ePHI

Every individual in your business is responsible for protecting the PHI of the patients at your practice and at partner's practices.

  • Keep your conversations at a minimum noise level, so as not to be overheard

  • Ensure your computer screen is not visible to anyone but yourself

  • Don't download or save any patient information to your computer

  • Never use email to send PHI or patient information, unless it is fully encrypted

  • Only access or review the minimum necessary amount of PHI necessary to complete your assigned job duties

Specific Indicators of PHI

The 18 fields listed below are specific identifiers of PHI, as set forth by HIPAA's governing bodies.

  • Names

  • Geographic subdivisions smaller than a state (street, city, county, zip code, etc.)

  • All elements of date smaller than a year (dates of birth, admission, discharge, death, etc.)

  • Phone numbers

  • Fax numbers

  • Email addresses

  • Social security numbers

  • Medical record numbers

  • Health plan beneficiary numbers

  • Account numbers

  • Certificate/Drivers License numbers

  • Vehicle identifiers (VIN, license plate numbers, etc.)

  • Device identifiers and serial numbers

  • Web addresses (URLs)

  • Biometric identifiers (finger prints, voice prints, etc.)

  • Photographic images

  • IP address

  • Any other unique identifying number characteristic or code

This is in no way a complete list.  Anything that can identify a specific individual
(i.e. "The lady in the red dress in the waiting room")
is considered protected health information.