What is protected health information (PHI)?
HIPAA defines “protected health information” as individually identifiable health information that is:
- Transmitted by electronic media;
- Maintained in electronic media; or
- Transmitted or maintained in any other form or medium.
Note: Protected health information excludes individually identifiable health information in:
- Education records covered by the Family Educational Rights and Privacy Act (FERPA), as amended, 20 U.S.C. 1232g(a)(4)(B)(iv);
- Records described at 20 U.S.C. 1232g(a)(4)(b)(iv); and
- Employment records held by a covered entity in its role as an employer.
For more details, see our PHI Security Awareness Tip.