18 Elements of PHI
Protected health information (PHI) is any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment.. The HIPAA Privacy Rule covers protected health information in any medium.
ePHI stands for Electronic Protected Health Information. It is any protected health information (PHI) which is stored, accessed, transmitted or received electronically. Protected Health Information (PHI) under HIPAA means any information that identifies an individual and relates to at least one of the following:
- The individual’s past, present or future physical or mental health.
- The provision of health care to the individual.
- The past, present or future payment for health care.
There are 18 identified elements of protected health information (PHI) covered under the HIPAA Rules.
- Geographic subdivisions smaller that state (geocodes, county, city, street address, etc)
- Telephone numbers
- Fax numbers
- e-Mail addresses
- Social Security Numbers
- Medical Record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers (includes license plate numbers)
- Device identifiers and serial numbers
- Web URL (universal resource locator)
- IP Addresses
- Biometric identifiers
- Full face and comparable photographic images
- Any other unique identifying number, characteristic, or code
Many of the items in this list are obvious – we’ve all been training to know that names, social security numbers, birthdates, etc are protected health information. It’s number 18 that is the “catch-all”; the place where any unlisted item can that uniquely identifies a patient becomes PHI.
Is your staff trained for HIPAA Privacy and Security? Have you trained them in the last year? Is that training documented?? Check out our upcoming "What's new with HIPAA" training classes here.