PHI is protected health information and ePHI is electronic protected health information.
Under HIPAA, PHI refers to individually identifiable health information. Individually identifiable health information is that which can be linked to a particular person. Specifically, this information can relate to:
- The individual's past, present or future physical or mental health or condition,
- The provision of health care to the individual, or,
- The past, present, or future payment for the provision of health care to the individual.
Common identifiers of health information include names, social security numbers, addresses, and birth dates.
Here's the broader set of 18 identifiers of PHI:
- Names (of patients, relatives, or employers)
- Social security numbers
- Device identifiers and serial numbers
- All geographic subdivisions smaller than a State
- Medical record numbers
- Web Universal Resource Locators (URLs)
- All elements of dates (except year) including birth date, admission date, discharge date, date of death; and all ages over 89
- Health plan beneficiary numbers
- Internet Protocol (IP) address numbers
- Telephone numbers
- Account numbers
- Biometric identifiers, including finger and voice prints
- Fax numbers
- Certificate/license numbers
- Full face photographic images and any comparable images
- Electronic mail addresses
- Vehicle identifiers and serial numbers, including license plate numbers
- Any other unique identifying number, characteristic, or code
Watchtower enables you to discover, classify, and protect forms of PHI across your cloud applications, like Slack, so you can prevent PHI from entering these systems. This will help you keep sensitive customer data safe, and avoid bringing these systems in scope for compliance. Learn more about Watchtower, watch a demo, or start a free trial here.