Protected Health Information (PHI)
The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. Privacy Rules call this information, protected health information (PHI).
Protected Health Information (PHI) is information, including demographic data, which relates to:
- the individual’s past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual,
- the individual’s identity, including Personally Identifiable Information (PII), or for which there is a reasonable basis to believe it can be used to identify the individual.