What is PHI?

"PHI" stands for Protected Health Information. HIPAA privacy regulations define PHI as individually identifiable health information that is maintained or transmitted in any form or medium.

The definition of individually identifiable health information is as follows:

“Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:

(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.” 

(45CFR160.103)