PHI is an acronym that stands for Protected Health Information. In a nutshell, is any information that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity) that can be linked to a specific individual , in regards to personal / health status, provision of health care, or payment for health care. 

​

According to HIPAA, Information that is considered to be PHI includes the following: 

• Names

• Geographic subdivisions smaller than a state

• All elements of dates (except year) related to an individual (including admission and discharge dates, birthdate, date of death, all ages over 89 years old, and elements of dates (including year) that are indicative of age)

• Telephone, cellphone, and fax numbers

• Email addresses

• IP addresses

• Social Security numbers

• Medical record numbers

• Health plan beneficiary numbers

• Device identifiers and serial numbers

• Certificate/license numbers

• Account numbers

• Vehicle identifiers and serial numbers including license plates

• Website URLs

• Full face photos and comparable images

• Biometric identifiers (including finger and voice prints)

• Any unique identifying numbers, characteristics or codes

​