What is PHI and What is Not PHI?

December 31, 2019

Protected Health Information (PHI) is basically the personally identifiable health information that is protected and regulated by the Health Insurance Portability and Accountability Act, better known as HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) was filed or rather written 20 years ago when smartphones were a distant reality.

Therefore, everything related to this act was penned down for mostly an analog world of physical X-rays and even paper files. And in today’s era of wearables, genetic sequencing, health apps, and much more, getting a proper and precise definition of PHI can be quite difficult to understand, especially for the developers who are trying to parse or figure out whether they need to be HIPAA compliant or not.

Through this post, we hope to provide a clearer picture of what exactly is PHI or Protected Health Information and what is not considered PHI. And hopefully, you as a healthcare software developer will be able to use the below-mentioned information as a reference while you are determining if all the information that you are collecting for your digital health solution fall under PHI or not.

Covered Entities and Business Associates

Before we proceed further to talk about the definition of PHI, what information constitutes PHI and what doesn’t, let’s first understand two major definitions under HIPAA and those are – Business Associates and Covered Entities.

Covered Entities

A covered entity is basically a person who provides treatment, payment, as well as the operations in the healthcare sector. According to the U.S. Department of Health & Human Services, healthcare providers, health plans, and healthcare clearinghouses fall under the covered entities. The healthcare providers usually include doctors, clinics, dentists, psychologists, nursing homes, pharmacies, chiropractors, and last but not the least, the hospitals.

Health plans include the health insurance companies, company health plans, HMOs, Medicare & Medicaid. In fact, schools and employers that handle the PHI in order to enroll their employees and students in any sort of health plan also fall under the definition of a Health Plan.

Here’s a complete list of entities that come under covered entities. Please take a look.

  • Dental and doctors’ offices, clinics, psychologists
  • Insurance companies, health plans, HMOs
  • Pharmacies, nursing homes, home healthcare agencies or hospitals
  • Healthcare clearinghouses
  • Government programs that contribute towards healthcare

Read More About Protected Health Information (PHI).

Article Tags:
Article Categories:

Leave a Comment