HIPAA protects an individual’s health information and his/her demographic information. This is called “protected health information” or “PHI”. Information meets the definition of PHI if, even without the patient’s name, if you look at certain information and you can tell who the person is then it is PHI. The PHI can relate to past, present or future physical or mental health of the individual. PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, email, fax, or verbal communications.
HIPAA defines information as protected health information if it contains the following information about the patient, the patient’s household members, or the patient’s employers:
- Dates relating to a patient , i.e. birthdates, dates of medical treatment, admission and discharge dates, and dates of death
- Telephone numbers, addresses (including city, county, or zip code) fax numbers and other contact information
- Social Security numbers
- Medical records numbers
- Finger and voice prints
- Any other unique identifying number