The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule protects individually identifiable health information, called PHI, held or transmitted by a covered entity or its business associate, in any form, whether electronic, paper, or verbal. PHI includes information that relates to all of the following: the individual’s past, present, or future physical or mental health or condition; the provision of health care to the individual; the past, present, or future payment for the provision of health care to the individual. PHI includes many common identifiers, such as name, address, birth date, and Social Security number.
Retrieved from Center for Medicare and Medicaid Services. (2018). https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/HIPAAPrivacyandSecurity.pdf