{{#if events}} {{#events}}
{{moment startDate format='MMMM'}} {{moment startDate format='DD'}}


{{#if evDesc}} {{truncate evDesc 50}} {{/if}}

Register Now
{{/events}} {{/if}}

What is Protected Health Information (PHI)?

PHI is any information that:

  • Relates to the past, present or future physical or mental health of a person.
  • Relates to the provision or payment for healthcare.
  • Identifies the individual.

    PHI includes medical information as well as demographic information, information about relatives, contact information and most other information that could identify an individual.

    PHI contains "individually identifiable health information."  This is information that also includes demographic details such as an individual's address, gender, Social Security number or date-of-birth. Insurance applications with medical histories, for example, contain individually identifiable health information.

    The HIPAA Privacy and Security Rules protect individually identifiable health information, referred to as Protected Health Information (PHI), held or electronically transmitted by a Covered Entity (healthcare professionals, health plans, healthcare clearinghouse) and their Business Associates (entities that complete functions on the Covered Entities behalf, such as Medicare subcontractors). PHI includes information that identifies the individual or could reasonably be used to identify the individual.  PHI is information, including demographic data, which relates to the:
  • Individual’s past, present or future physical or mental health or condition;
  • Healthcare provided to the individual; or
  • Past, present or future payment for healthcare provided to the individual.

    The HIPAA Privacy Rule protects all PHI in any form or media, whether electronic, paper or oral.  The HIPAA Security Rule applies only to electronic PHI (e-PHI).  In general, this rule requires a Covered Entity to adopt additional safeguards for e-PHI ensuring the confidentiality and availability of all it creates, receives, uses, maintains or transmits.  As you can see, PHI is a critical concept with which you must be familiar.

    So, it is important to remember that the context and combination of information elements will determine whether information is PHI.

    Protecting Individually Identifiable Health Information, additional requirements Safeguarding Protected Health Information: Members of the workforce must employ the appropriate administrative, technical and physical safeguards to protect the privacy of protected health information.

    Use & Disclosure of Information: PHI Confidential information can not be disclosed to others without the individual’s written authorization, except for the purposes of treatment (providing care), payment (claim payment) or health plan operations (examples include but are not limited to: audits, fraud and abuse detection).

    Minimum Necessary:  When collecting, accessing, using or disclosing PHI or when requesting PHI to perform job functions, members of the workforce must make reasonable efforts to limit the use and disclosure to the minimum necessary to accomplish the intended purposes of the use or request.

    Verification:  Members of the workforce must follow CIGNA's procedures to verify the identity of a person requesting PHI and the authority of any such person to have access to PHI.

    Notice of Privacy Practices:  Individuals must receive and have access to a policy that includes a “Notice of Privacy Practices,” which describes how their health information may be used or disclosed and what individual rights they have in relation to this information.

    Individual Privacy Rights:  The HIPAA Privacy Rule provides individuals with certain rights related to their PHI.  These rights include: access and amendment to the PHI.  Patients can also request restrictions on the use and disclosure of their PHI.