Protected Health Information (PHI)

The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI).

“Individually identifiable health information” is information, including demographic data, that relates to:

  • The individual's past, present or future physical or mental health condition
  • The provision of health care to the individual
  • The past, present, or future payment for the provision of health care to the individual
  • Any information that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual as a patient, student, or employee

Individually identifiable health information includes many common identifiers such as:

  • Name
  • Address
  • Any Date (birth date, admit date, appointment date, discharge date)
  • Social Security Number
  • Bear Number
  • Telephone and Fax numbers
  • Electronic (email) addresses
  • Insurance l.D. number, account number, demographics associated with insurance information
  • Marital status
  • Parents information
  • Driver's license
  • Sign in sheets at Health Center, Counseling Center, Recreation Center, Psychological Clinic, Cancer Rehab Center
  • Any other information that may identify an individual