PHI is any personal health information that potentially identifies an individual that was created, used, or disclosed in the course of providing healthcare services, including, but not limited to:
- Names
- Addresses
- Date of birth
- Social security number
- Payment or billing information
- Medical records (electronic or paper)
Depending on your organization’s function in the healthcare ecosystem, you may be handling PHI either directly or indirectly. While certain organizations have a greater obligation to safeguard patient information under HIPAA, you should be doing your part to ensure that this information is secure and well-protected.