What Is PHI (Protected Health Information)?

Simply put, protected health information (PHI) is any health data related to past, present, or future physical or mental health that can be linked to an individual and that is collected in relation to the provision of healthcare.

Types of PHI


Protected health information and the requirements for its protection are described in the Health Insurance Portability and Accountability Act (HIPAA). HIPAA provides 18 identifiers for what kinds of information should be treated as PHI:

  • Names
  • Small-scale geographic identifiers (like ZIP codes)
  • Dates related to the individual other than year
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate or license numbers
  • Vehicle identifiers and serial numbers, including license plates
  • Device identifiers and serial numbers
  • Web URLs
  • Internet protocol (IP) addresses
  • Biometric identifiers, including fingerprints, retina scans, and even voice prints
  • Full face photos or similar images
  • Any unique identifying number, characteristic, or code

Why Secure PHI Disposal Is Essential

For companies or medical facilities that collect PHI, secure disposal of any outdated or unnecessary health information is crucial for maintaining HIPAA compliance.

For anyone else who may not be directly covered by HIPAA, properly disposing of your PHI is still one of the best ways to protect yourself from identity theft. 

Since just throwing PHI into a dumpster is insufficient for HIPAA compliance, it’s important to use the right disposal methods. For medical waste items like syringes and other sharps, pill bottles, or IV bags that may have a patient’s information on them, there are specific containers in which the waste should be collected.

For paper documents, secure shredding is the only way to make sure they are inaccessible once they are discarded. Prior to shredding, it is essential that any old paper medical records are stored in locking bins for maximum security.

Additionally, because HIPAA’s PHI disposal requirements also apply to electronic information, it’s important to take proper care of old computer hard drives and equipment. Luckily, many shredding services can handle the complete destruction of hard drives as well as paper.

Physical destruction is the only way to make sure the drive is completely unusable, as there is some software that can recover files after they have been deleted.
