What is Considered Protected Health Information Under HIPAA?

July 16, 2024
Table of contents
- Examples of Protected Health Information (PHI)
- Information protected by HIPAA regulations
- Is a client’s height considered PHI under HIPAA?
- What types of information can be shared without violating HIPAA?
- How does HIPAA differentiate between PHI and non-PHI information
Under the Health Insurance Portability and Accountability Act (HIPAA), protected health information (PHI) refers to any health information that is created, received, or transmitted by healthcare providers and organizations. This includes medical records, demographic information, test results, and billing information.
PHI also includes any information that can be linked to an individual, such as names, addresses, dates of birth, and Social Security numbers. Understanding what counts as protected health information is therefore central to HIPAA compliance. Below are a few examples of PHI under HIPAA and why they matter.
Examples of Protected Health Information (PHI)
HIPAA regulations strictly govern the handling and disclosure of PHI to protect patient privacy and confidentiality. Some key examples of PHI include:
- Email Addresses
Email addresses used for healthcare-related communications are considered PHI.
- Fax Numbers
Fax numbers used to transmit health-related documents are designated as PHI.
- Vehicle Numbers
Vehicle numbers linked to medical transport services or ambulance records are considered PHI.
- Certificates or License Numbers
Certificates or license numbers associated with healthcare professionals in medical records are considered PHI.
- Social Security Numbers
Social security numbers are often used to identify individuals in health insurance records and medical documents.
- Account Numbers
Account numbers associated with health-related financial transactions are considered PHI, since they give insight into an individual’s medical treatments and health coverage.
Information protected by HIPAA regulations
HIPAA regulations protect a wide range of sensitive health information to maintain confidentiality, integrity, and availability of an individual’s health data. Here are some key examples:
Demographic Information
- Names
- Dates of birth
- Addresses
- Phone numbers
- Email addresses
Medical Records
- Medical history
- Test results
- Diagnosis
- Treatment plans
- Medication lists
Payment Information
- Insurance information
- Payment records
- Billing information
- Account numbers
Health Information Systems
- Electronic health records (EHRs)
- Medical billing systems
- Patient portals
- Telemedicine platforms
Communication and Correspondence
- Phone calls
- Emails
- Letters
- Faxes
- Text messages
Is a client’s height considered PHI under HIPAA?
Under HIPAA, a client’s height is generally considered protected health information (PHI). PHI includes any information about an individual’s physical or mental health, health care, or payment for health care that can be linked to the individual. Height, as a physical characteristic, is considered part of an individual’s health information and is therefore subject to HIPAA’s privacy and security requirements.
Healthcare providers and organizations must ensure the proper handling, storage, and disclosure of a client’s height data to protect their privacy and comply with HIPAA regulations. Unauthorized access, use, or sharing of a client’s height information can lead to penalties for the healthcare organization.
What types of information can be shared without violating HIPAA?
The types of information that can be shared without violating HIPAA include:
- Appointment information without identifiers:
An appointment registered with only a patient’s name, telephone, or address does not count as PHI and can be shared under HIPAA.
- Non-healthcare employee records:
Employee records are not considered PHI and can be shared with third parties under HIPAA.
- Student health information:
Health information collected and stored by non-healthcare institutions, such as schools, does not come under PHI.
- Wearable device data from manufacturers:
Health data collected and stored by wearable device manufacturers, such as blood pressure monitors or smart health watches, is not considered PHI if it is not stored by healthcare providers.
- Publicly available information:
Publicly available information, such as medical journal articles or health-related news, is not considered PHI and can be shared.
How does HIPAA differentiate between PHI and non-PHI information?
Let us explore what is considered PHI under HIPAA and what is not, to help learn the distinctions:
| Category | Examples of PHI | Examples of Non-PHI |
|---|---|---|
| Identifiable Health Information | Names, addresses, birth dates, Social Security numbers | Aggregate data with no identifiers, employment records in a non-healthcare context |
| Medical Records | Patient medical histories, lab test results, clinical notes | Information on general health trends, anonymized research data |
| Billing Information | Insurance information, billing details, payment history | General financial data not linked to health information |
| Communication Records | Appointment reminders, prescription records, emails and messages regarding health | Marketing emails not related to health services, customer service messages not involving PHI |
| Health Status | Diagnoses, treatment information, medical conditions | Public health data that has been de-identified, general wellness information |
| Biometric Identifiers | Fingerprints, voice prints, genetic information | Biometric data not linked to health information, like fingerprints for security purposes |
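The distinction the table draws (health information becomes PHI once it is tied to an identifier, and stops being PHI once the identifiers are removed) can be turned into a simple automated check. The following Python snippet is an added example, not code from the original article; the record schema, field names, sample values and regular expressions are assumptions constructed for illustration. It flags the identifier types listed on this page (names, addresses, dates of birth, phone and fax numbers, email addresses, Social Security numbers, account, license and vehicle numbers, biometric identifiers) both as named fields and as identifier-shaped values hidden in free text, then produces a de-identified copy that keeps clinical content such as diagnosis and height.

```python
"""Flag HIPAA identifiers in a patient record and produce a de-identified copy.

Added example. Field names, sample records and patterns are assumptions and
are not taken from any real system or from the original article.
"""
import re
from typing import Any

# Fields treated as direct identifiers under the assumed schema. The set
# mirrors the identifier types listed on the page.
DIRECT_IDENTIFIER_FIELDS = {
    "name", "address", "date_of_birth", "phone", "fax", "email", "ssn",
    "account_number", "license_number", "vehicle_number", "fingerprint_hash",
}

# Identifier-shaped values that may leak into free-text fields such as
# clinical notes. Deliberately simple; a production scanner would use a
# fuller set of patterns and a dictionary of names.
VALUE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
}

# Constructed sample record: a provider-held record with both named
# identifier fields and identifiers embedded in a free-text note.
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "date_of_birth": "1985-04-12",
    "ssn": "123-45-6789",
    "email": "jane.doe@example.com",
    "diagnosis": "Type 2 diabetes",
    "clinical_note": "Patient (SSN 123-45-6789) reports fatigue; follow up by phone 555-123-4567.",
    "height_cm": 170,
}

# Constructed aggregate record: health content with no individual identifiers,
# matching the table's "aggregate data with no identifiers" column.
AGGREGATE_RECORD = {"diagnosis": "Type 2 diabetes", "patient_count": 42}


def find_identifiers(record: dict[str, Any]) -> dict[str, list[str]]:
    """Return {field: [reasons]} for every field that carries an identifier."""
    hits: dict[str, list[str]] = {}
    for field, value in record.items():
        reasons = []
        if field in DIRECT_IDENTIFIER_FIELDS and value not in (None, ""):
            reasons.append("direct identifier field")
        if isinstance(value, str):
            for label, pattern in VALUE_PATTERNS.items():
                if pattern.search(value):
                    reasons.append(f"{label} pattern in value")
        if reasons:
            hits[field] = reasons
    return hits


def is_phi(record: dict[str, Any]) -> bool:
    """Health data held by a provider is PHI once any identifier is present."""
    return bool(find_identifiers(record))


def deidentify(record: dict[str, Any]) -> dict[str, Any]:
    """Drop direct identifier fields and mask identifier-shaped values in text.

    Clinical content (diagnosis, height) is kept: on its own it is no longer
    linkable to a person, which is the table's non-PHI column.
    """
    out: dict[str, Any] = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIER_FIELDS:
            continue
        if isinstance(value, str):
            for label, pattern in VALUE_PATTERNS.items():
                value = pattern.sub(f"[{label.upper()} REDACTED]", value)
        out[field] = value
    return out


if __name__ == "__main__":
    print("identifiers found:", find_identifiers(SAMPLE_RECORD))
    print("is PHI:", is_phi(SAMPLE_RECORD))
    cleaned = deidentify(SAMPLE_RECORD)
    print("de-identified:", cleaned)
    print("still PHI after de-identification:", is_phi(cleaned))
```

Running the module on the constructed record reports the four named identifier fields plus the note that carries an SSN and a phone number; the de-identified copy retains only the diagnosis, the masked note and the height, and the check no longer classifies it as PHI. The aggregate record is never flagged, which is the same boundary the table draws between identifiable health information and aggregate or anonymized data.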
Conclusion
It is important to understand what is protected health information (PHI) under HIPAA to maintain patient privacy and compliance. PHI includes a wide range of identifiable health information, from medical records to billing details. Healthcare providers must carefully handle and protect this data to avoid violations. Knowing the difference between PHI and non-PHI helps ensure proper data management. By following HIPAA regulations, healthcare groups can safeguard sensitive information and ensure patient trust.