Frequently Asked Questions : Privacy

What is protected health information (PHI)?

HIPAA defines “protected health information” as individually identifiable health information that is:

  1. Transmitted by electronic media;
  2. Maintained in electronic media; or
  3. Transmitted or maintained in any other form or medium.


Note: Protected health information excludes individually identifiable health information in:

  1. Education records covered by the Family Educational Rights and Privacy Act (FERPA), as amended, 20 U.S.C. 1232g(a)(4)(B)(iv);
  2. Records described at 20 U.S.C. 1232g(a)(4)(b)(iv); and
  3. Employment records held by a covered entity in its role as an employer.


For more details, see our PHI Security Awareness Tip.