This term, first mentioned in the Health Insurance Portability and Accountability Act (HIPAA) of 1996, refers to any identifiable information about a person that appears in medical records or conversations among health care staff regarding a patient’s treatment. It may also include billing information or any other information that could be used to identify someone in a company’s health insurance records.
Examples of PHI include patients’ names, birth dates, addresses, Social Security numbers, phone numbers, email addresses, medical record numbers, medical treatment information and billing information. HIPAA’s role is to ensure this information is kept private. “Covered entities” such as doctors’ and dentists’ offices and clinics, psychologists, nursing homes, pharmacies and hospitals or home health agencies, and even health plans, must be in compliance with HIPAA.Under HIPAA rules, health care organizations are required to secure patient information that is stored or transferred either on paper records or digitally, to help protect PHI from data breaches or hackers.