What is Protected Health Information (PHI)? - TrueVault

PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.
In other words, PHI is information in your medical records, including conversations between your doctors and nurses about your treatment. PHI also includes your billing information and any medical information in your health insurance company’s computer system.

In order for health data to be considered PHI and regulated by HIPAA, it needs to meet two conditions:

  • Personally identifiable to the patient
  • Used or disclosed to a covered entity during the course of care

What are some examples of PHI?

  • Email to your doctor’s office about a medication or prescription you need
  • Appointment-scheduling note with your doctor’s office
  • An MRI scan
  • Blood test results
  • Phone records

What are some examples of non-PHI data?

  • Number of steps in a pedometer
  • Number of calories burned
  • Blood sugar readings without PII (personally identifiable information)
  • Heart rate readings without PII