Protected Health Information (PHI)

Individually identifiable health information is considered PHI protected under HIPAA when ALL of the following apply: 

  • Obtained from a covered entity (healthcare provider, plan, or clearinghouse)
  • Containing any direct or indirect identifiers from a defined “HIPAA identifiers”  list
  • About health, healthcare, and/or payment for healthcare 

See Research A-Z webpages HIPAA and Protected Health Information (PHI).