What is the definition of PHI under HIPAA?

PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.

What is considered PHI?

Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate …

What are covered entities?

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

What are the 18 elements of PHI?

The 18 identifiers that make health information PHI are:

  • Names.
  • Dates, except year.
  • Telephone numbers.
  • Geographic data.
  • FAX numbers.
  • Social Security numbers.
  • Email addresses.
  • Medical record numbers.

What are some examples of PHI?

Examples of PHI

  • Patient names.
  • Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.
  • Dates — Including birth, discharge, admittance, and death dates.
  • Telephone and fax numbers.
  • Email addresses.

What is not covered by the HIPAA Privacy Rule?

The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.

Who is not covered by the privacy Rule?

The Privacy Rule does not protect personally identifiable health information that is held or maintained by an organization other than a covered entity (HHS, 2004c). It also does not apply to information that has been deidentified in accordance with the Privacy Rule.

What is the omnibus rule?

The Omnibus Rule makes business associate contracts applicable to arrangements involving a business associate and a subcontractor of that business associate in the same manner that business associate contracts apply to arrangements between a covered entity and its direct business associate.

What are some common identifiers of PHI?