The National Institutes of Health defines PHI as “individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral or paper) by a covered entity or its business associates, excluding certain educational and employment records.”
Includes medical records.
Includes financial records.
The HIPAA Privacy Rule covers PHI in electronic, paper or oral formats. PHI is any information that is created or received by a health care provider, health plan, employer or health care clearinghouse and that relates to the past, present or future physical or mental health condition of an individual, or to past, present or future payment for health purposes for an individual. The Privacy Rule also specifies how patient information is used and disclosed. The HIPAA Security Rule applies to electronic PHI. It protects any information of an individual that is transmissible electronically.
Types of PHI include:
Any item which includes information about care given for physical and/or mental well-being of an individual
Notes, charts or any paperwork pertaining to doctor, hospital or clinic visits
Enrollment in any health plans or other health programs associated with health care
Any health care payments or claims
How a consumer’s PHI is used:
For treatment purposes
For an individual’s care
With members of their family, relatives or friends who they indicate can have access
For public health purposes – reportable diseases that cause public outbreaks (e.g., anthrax)
Payment to doctors or hospitals providing the individual’s care
Information to police to make reports in various cases related to an individual’s health