PHI (Protected Health Information)
Category: legal
Any information in a medical record that can be used to identify an individual patient, regulated by HIPAA.
PHI encompasses names, addresses, Social Security numbers, medical record numbers, and biometrics. Handling PHI requires strict encryption of digital records, restricted physical access to charts, and "minimum necessary" access policies for clinical and administrative staff.
Common Examples
- The hospital’s security officer mandated a total purge of all unencrypted PHI logs to ensure full HIPAA compliance.
- Disposing of paper files containing PHI requires mandatory cross-cut shredding to prevent potential identity theft and massive legal breach payouts.