Understanding PHI and Why It Matters

Why Does HIPAA Matter?

HIPAA (Health Insurance Portability and Accountability Act) has been revolutionary for the privacy of patients’ health information. This topic of protecting patient information is especially relevant in this day and age with electronic patient records and telehealth visits presenting unforeseen questions surrounding patient privacy. But what exactly constitutes Protected Health Information (PHI)?

Examples of PHI

Not sure if a specific type of patient information is classified as PHI? A good rule of thumb to follow is that if the information can be used to identify the patient, then it’s safe to say that it is most likely PHI.

According to HIPAA, the 18 identifiers for PHI include the following:

  • Full name or last name and initial
  • All geographical identifiers smaller than a state
  • Dates (other than year) directly related to an individual such as birthday or treatment dates
  • Phone numbers including area code
  • Fax numbers
  • Email addresses
  • Social Security number
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Bank account numbers
  • Certificates/driver’s license numbers
  • Vehicle identifiers (including VIN and license plate information)
  • Device identifiers and serial numbers
  • Web Uniform Resource Locators (URLs)
  • Internet Protocol (IP) address numbers
  • Biometric identifiers including fingerprints, retinal, genetic information, and voiceprints
  • Full-face photographs and any comparable images that can identify an individual
  • Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data

What is ePHI?

Any PHI that is in an electronic format is considered electronic protected health information (ePHI). According to the HIPAA Security Rule, organizations must adopt certain measures in order to keep ePHI confidential.

ePHI may be present in the following mediums:

  • Personal computers with internal hard drives used at work, home, or while traveling
  • External portable hard drives
  • Magnetic tape
  • Removable storage devices, including USB drives, CDs, DVDs, and SD cards
  • Smartphones and PDAs
  • Means of transmitting data via Wi-Fi, Ethernet, modem, DSL, or cable network connections including:
    • Email
    • File transfers


Patients have rights over any PHI that a Covered Entity (CE) holds. Administrative, physical, and technical safeguards are required in order to keep patient information safe. Although patient information may need to be released for patients to receive care (which is allowed under the HIPAA Privacy Rule), procedures must still be in place to keep PHI safe when that happens.

The Importance of HIPAA

Imagine a world where one’s ability to obtain a loan, a job, or health insurance could be compromised because private medical information was leaked without repercussions. This is the kind of situation that HIPAA aims to prevent. Your patients’ medical information deserves to be kept private. Are you taking the steps to ensure that HIPAA regulations are being followed in your practice?

