What Is PHI (Protected Health Information)?

| | 3 minute read

Simply put, protected health information (PHI) is any health data related to past, present, or future physical or mental health that can be linked to an individual and that is collected in relation to the provision of healthcare.

If this information is stolen, it can be sold and used to commit fraud. It is often used for access to medical care in the victim’s name, and it can go undetected for months or even years.

Types of PHI

HIPAA lays out specific guidelines for what constitutes PHI

Protected health information and the requirements for its protection are described in the Health Insurance Portability and Accountability Act (HIPAA). HIPAA provides 18 identifiers for what kinds of information should be treated as PHI:

  • Names
  • Small-scale geographic identifiers (like zip codes)
  • Dates related to the individual other than the year
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate or license numbers
  • Vehicle identifiers and serial numbers, including license plates
  • Device identifiers and serial numbers
  • Web URLs
  • Internet protocol (IP) addresses
  • Biometric identifiers, including fingerprints, retina scans, and even voiceprints
  • Full face photos or similar images
  • Any unique identifying number, characteristic, or code

Why Secure PHI Disposal Is Essential

Why proper PHI disposal is important for complianceFor companies or medical facilities that collect PHI, secure disposal of any outdated or unnecessary health information is crucial for maintaining HIPAA compliance.

  • Medical Waste PHI—These items include syringes and other sharps, pill bottles, or IV bags that may have a patient’s information on them. There are specific containers in which the waste should be collected that are color-coded to ensure it is transported and destroyed safely.
  • Paper Documents with PHI—Secure shredding is the only way to make sure they are inaccessible once they are discarded. Prior to shredding, it is essential that any old paper medical records are stored in locking bins for maximum security.
  • Electronic PHI—Shredding your electronic devices is the only way to make sure the drive is completely unusable because some software can recover files after they have been deleted. Luckily, many shredding services can also handle the complete destruction of hard drives as well as paper. 

Need Help Finding Medical Waste Disposal Providers?

Medical Waste Pros partners with professional medical waste disposal providers across the United States. Our agents can connect you with regulated, hazardous, and household medical waste professionals. To get started finding the right service for you, fill out the form to the right or just give us a call at 888-755-6370 for a free, no-obligation quote from providers in your area.