What Does PHI Stand For?

If you haven't already, you should study HIPAA. But as you learn more about it, you may wonder, what does PHI stand for? PHI can stand for a few different things, so it's important to clarify the meaning. That way, you can focus on the details and how you can work with PHI. Keep reading to learn more about PHI.

What Is PHI?

Providers and patients alike may wonder, what does PHI stand for? PHI stands for protected health information. It can refer to various types of information that providers and patients use in giving healthcare. PHI protects patient information so that providers can give quality care. Since care often requires detailed knowledge of the patient, PHI, like all other HIPAA regulations, keeps providers from sharing confidential details with others. There are a few types of PHI that HIPAA protects. Consider the different categories and the examples within them.

Personal Information

Personal information is like it sounds and refers to information identifying the individual patient. Eight types of personal information fall under PHI, so you should keep these details safe when giving care.

  • Names
  • Social Security numbers
  • Telephone numbers
  • Email addresses
  • Fax numbers
  • Elements of dates
  • Geographic data
  • Full face photos and comparable images

Keeping personal information can help maintain patient privacy. But it can also help differentiate similar cases so that you can provide the right care to the right patient. Make sure you have accurate personal information when talking to patients or reviewing files. Then, you can avoid mixing up different files and cases.

Medical Records

The next group of PHI that HIPAA covers is medical records. Of course, this information can reveal aspects of a patient's prior care. Healthcare providers can use it to make the best decisions for future care. Here are some examples of protected health information regarding your medical records.

  • Medical record numbers
  • Account numbers
  • Biometric identifiers
  • Health plan beneficiary numbers

It's important to know a patient's history to give proper care. As with other protected health information, you should take patient records seriously. Make sure you don't expose PHI to people who shouldn't have access to it.

Digital Records

With the digital age, the Health Insurance Portability and Accountability Act (HIPAA) also considers digital records PHI. Protecting digital information requires different methods than physical copies, but it's just as vital. Consider a few types of PHI that are digital.

  • Internet protocol addresses
  • Web URLs
  • Device identifiers and serial numbers

Healthcare providers should use secure devices and software when accessing digital PHI. That way, you can protect the information and keep hackers from getting it.

Other Information

HIPAA covers a few other types of PHI that don't fall into the above categories. But these things are important to keep confidential for your patients. Rounding out the 18 types of PHI, here's what you need to protect as a healthcare provider.

  • Certificate/license numbers
  • Vehicle identifiers and serial numbers
  • Any unique identifying number, characteristic, or code

Whether the information you need covers the patient's personal info or is digital, you need to guard it carefully. HIPAA takes PHI seriously, and you can face harsh consequences if someone else can access the information.

What Is Not PHI?

Along with understanding what is PHI, you should know that not all records in a healthcare facility are necessarily private. Whether you work as a nurse or want to advance your career, consider a few examples:

  • Education records
  • Employee information
  • Paystubs
  • Accounting records

Healthcare organizations have to maintain other records. But as long as those records don't pertain to individual patients, they aren't necessarily PHI. If you're ever unsure if something is PHI, treat it as such. You can always ask your colleagues about the issue. That way, you don't accidentally reveal confidential information, and you can learn what falls outside of HIPAA.

Who Uses PHI?

When considering, what does PHI stand for, you may also wonder who uses it. While patients use their own PHI, many parties in the healthcare field also use it. You should know what parties use PHI so that you can take the right steps in your work. Of course, healthcare professionals use protected health information to take care of patients. But healthcare involves more than the act of meeting with patients and prescribing care. Consider a few different types of people who should use PHI and HIPAA.

Healthcare Providers

Healthcare providers include anyone from nursing aides to doctors. Nurses, nurse practitioners, and physician assistants should also understand PHI and HIPAA. Whether you're new to the field or have been in it for years, you need to know everything that PHI covers. It doesn't matter if you're reviewing a patient's name or their medical records; you need to keep their file safe. You will use PHI on a daily basis in your work. As tempting as it can be to talk about patient cases at home, don't reveal any PHI. You don't want to breach HIPAA or disclose PHI to anyone.

Health Insurance Companies

Now, as a provider, you will need to deal with health insurance companies. They're a HIPAA covered entity, so you can talk to the companies about patients. You may need to discuss patient healthcare costs or insurance beneficiaries. Billing private health insurance companies can take a lot of time, and you should be careful with the information you provide. However, an insurance provider can receive the information they need to adjust patient claims and policy usage information. Be sure that any communication you have with insurance is secure to keep PHI private.

Government Healthcare Programs

If you have patients on government health insurance, like Medicaid or Medicare, you may need to discuss PHI with those entities. Military and veterans' health programs are another example. They also fall under the protection of HIPAA. Like with private insurance, you may need to discuss patient information and care. If so, take steps to secure the communication with email or secure mail. Be prepared to provide information, but keep patient privacy at the forefront of your mind.


Healthcare Clearinghouses

Healthcare clearinghouses work with healthcare providers and insurance payers. The clearinghouse will verify medical claims are accurate and that they process correctly. A clearinghouse can also process non-standard data as standard data that can go into the payers' system. Now, these clearinghouses are different from those that you see in your bank statement. Working with healthcare clearinghouses can help process patient claims more quickly. They use electronic systems to process medical claims, and so they do need access to PHI.

PHI vs. ePHI

When trying to figure out, what does PHI stand for, you may come across ePHI. The term stands for electronic protected health information. It refers to any information that HIPAA-covered entities store or transfer electronically. These records could include electronic patient records or a digital invoice for care. To follow the HIPAA Security Rule, you need to take special safeguards. Everyone in the medical office should keep records secure, even staff that aren't providers. A security breach of ePHI can result in major penalties. You should take as many physical and technical safeguards as possible to protect ePHI and PHI.

How to Protect PHI and ePHI

When dealing with PHI, you have a few ways to keep the information secure. The exact steps you take can depend on if you're dealing with PHI or ePHI. One of the best ways to protect PHI is by educating the office staff. You can all take a course on HIPAA to refresh your knowledge, and that could be enough of a reminder to help staff take records more seriously. But there are a few other things you can do in your office to help take care of patients without risking their privacy.

Use Locks

You can use padlocks on filing cabinets that contain physical patient records. That way, you need the key to access the information. Locks can help when people need to leave the office. But using a lock can also help if only certain staff should access records. You can also use a lock on the door to the room with the files. Adding more locks between the outside and the files can provide even more security. Don't forget to lock the computers as well.

Implement Encryption

You should also use encryption when creating or transferring electronic files. Make sure your office has a secure WiFi network so that hackers and visitors can't get on it. Ensure that the other HIPAA-covered entities have encryption before sending files. That way, you don't have to worry about a breach on the other end. You can also use passwords and other electronic safeguards to protect the computers that house the files. Lock and store computers when you aren't using them so that you don't leave the information vulnerable to attacks. Change passwords regularly and make them complicated so that hackers can't guess them. You should also avoid reusing passwords in case someone guessed them in the past. Check for viruses and other security issues regularly. Don't take home a laptop with patient records, and avoid fraud at all costs.

Take Patient Privacy Seriously

Another thing you can do in your office is close doors. Always close doors completely before you start discussing patient information. If you have a patient with a guest, make sure your patient is okay with their guest hearing the information. The same is true if you have someone shadowing you for the day. Always get patient permission before talking about their case with others in the room. If you need to call patients about test results, find a private place to do so. Verify that you are talking to the patient before disclosing anything. Limit access to PHI to those who need it. Patient privacy should be one of your main priorities, next to giving proper care.

How Does PHI Compare to Privacy Rules Abroad?

Another thing you may want to know is how PHI compares to privacy rules in other countries. HIPAA is the standard for patient privacy in the United States, and it balances patient protection with necessary disclosure. In the US, HIPAA grants federal protection to PHI. Patients also have rights to their information and what their provider does with it. Still, providers have the ability to disclose certain pieces of information when necessary, such as to insurance companies. However, other countries have different rules. One great comparison to make is the European Union (EU). The EU has the General Data Protection Regulation (GDPR). GDPR covers all types of personal information and grants protection of personal data to people in EU member states. It can be hard to follow GDPR, and fines can reach 20 million EUR (16.5 million USD) or up to 4 percent of company revenue. Like in the US, the EU requires that patients give consent to process data for specific purposes. Providers need to give patients a form that's easy to understand where the patient can give that consent. GDPR lists plenty of exceptions regarding health information and personal data. The rules apply in countries like Germany, France, and Spain as well as their territories. While the US has HIPAA and other privacy acts, they are separate. GDPR can protect personal data regarding healthcare and in other capacities, like marketing.

Other Meanings for PHI

You may come across multiple answers to the question, what does PHI stand for? The medical field has multiple other meanings besides the predominant "protected health information" definition. Consider a few other terms that use the acronym PHI:

  • Private health insurance
  • Permanent health insurance
  • Public health institute
  • Public health information
  • Patient health information
  • Personal health information

When talking about PHI, you should state what you mean. While protected health information is the most common definition, you don't want to lead to any confusion.

What Does PHI Stand For?

Whether you're new to working in healthcare or not, you should know, what does PHI stand for? While it can stand for many things, it most commonly means protected health information. It's an essential part of HIPAA, and you need to take it seriously. That way, you don't accidentally reveal PHI to those outside of the office. Do you want to learn more about PHI and HIPAA? View and enroll in our HIPAA courses today.
