3 min read

What is PHI?

By Rose Doherty on 11/23/15 8:00 AM


Protected Health Information (PHI) is defined as information in any format that identifies the individual, including demographic information collected from an individual that can reasonably be used to identify the individual.  PHI is information created or received by a healthcare provider, insurance company, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual.  

In order for Covered Entities and Business Associates to protect PHI, it is critical that you are aware of these 18 identifiers that constitute that the information qualifies as PHI. 

18 Identifiers That Define Protected Health Information (PHI)

Under the HIPAA Privacy Rule "Identifiers" of PHI include: 

1. Names

2. Geographic subdivisions smaller than a state, except the first three digits of a zip code if the geographic unit formed by combining ALL zip codes with the same 3 initial digits contains more than 20,000 people and the initial 3 digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.

3.  All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, and date of death and all ages over 89 and all elements of dates (including year) indicative of such age (except that such ages and elements may be aggregrated into a single category of age 90 or older)

4. Telephone numbers

5. Fax numbers

6. Electronic mail addresses

7.  Social Security numbers

8.  Medical record numbers

9.  Health plan beneficiary numbers

10.  Account numbers

11. Certificate/license numbers

12.  Vehicle identifiers and serial numbers, including license plate numbers

13.  Device identifiers and serial numbers

14.  Web Universal Resource Locators (URLs)

15.  Internet Protocol (IP) addresses

16.  Biometric identifiers, including finger and voice prints

17.  Full face photographic images and any comparible images

18.  Any other unique identifying number, characteristic, or code (excluding a random identifier code for the subject that is not related to or derived from any existing identifier.


Need help with HIPAA Compliance, Protecting ePHI, or conducting a Security Risk Analysis?   Call IntelliSuite at 877-843-5767, or contact us at http://www.intellisuite.com/contact/.


Rose Doherty

Written by Rose Doherty