Patient Portal
Menu
Patient Portal

Understanding Protected Health Information (PHI)

What Is Protected Health Information?

Protected Health Information, commonly referred to as PHI, is information about your health, healthcare, or payment for healthcare services that can be used to identify you.

PHI is protected by federal privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), and may also be protected by state privacy and confidentiality laws.

Healthcare providers, health plans, and certain healthcare-related organizations are required to take reasonable steps to safeguard PHI and limit access to those who have a legitimate need to use it.

What Information Is Considered PHI?

PHI includes information that relates to:

  • Your past, present, or future physical health
  • Your past, present, or future mental health
  • Healthcare services you have received or may receive
  • Payment for healthcare services

When this information can be linked to your identity, it generally becomes protected health information. Examples of PHI may include:

  • Name
  • Date of birth
  • Address
  • Telephone number
  • Email address
  • Medical record number
  • Patient account number
  • Health insurance information
  • Diagnosis and treatment information
  • Prescription records
  • Laboratory results
  • Imaging reports
  • Appointment records
  • Clinical notes
  • Billing information

What Is Not Considered PHI?

Not all health-related information is considered PHI. Information that has been properly de-identified so that it cannot reasonably be linked to a specific individual is generally not considered protected health information. Examples may include:

  • Statistical health data
  • Research data that does not identify individuals
  • Aggregated healthcare information used for quality improvement or public health purposes

When personal identifiers are removed, the information may often be used for research, education, reporting, or operational purposes without identifying individual patients.

Why Is PHI Important?

Your health information is highly personal and sensitive. Protecting PHI helps:

  • Preserve patient confidentiality
  • Promote trust between patients and healthcare providers
  • Reduce the risk of identity theft
  • Prevent unauthorized disclosure of medical information
  • Ensure compliance with federal and state privacy laws

Patients should feel confident that their personal health information is being handled responsibly and securely.

How Healthcare Providers Use PHI

Healthcare providers use PHI to deliver safe, effective, and coordinated healthcare services.

Treatment

PHI may be used to:

  • Diagnose medical conditions
  • Develop treatment plans
  • Coordinate care among healthcare providers
  • Prescribe medications
  • Monitor patient progress

Payment

PHI may be used to:

  • Process payments
  • Submit insurance claims
  • Verify insurance coverage
  • Collect payment for services rendered

Healthcare Operations

PHI may be used to:

  • Improve patient care
  • Conduct quality assurance activities
  • Train healthcare personnel
  • Perform compliance reviews
  • Manage healthcare operations

Healthcare providers are expected to use only the information reasonably necessary to accomplish these purposes.

Who May Have Access to PHI?

Access to PHI is generally limited to individuals who need the information to perform legitimate healthcare, operational, legal, or regulatory functions. Depending on the circumstances, authorized access may include:

  • Physicians
  • Nurse practitioners
  • Nurses
  • Therapists
  • Pharmacists
  • Medical assistants
  • Billing personnel
  • Compliance personnel
  • Certain contractors and service providers

Individuals who access PHI are generally expected to maintain confidentiality and comply with applicable privacy and security requirements.

How PHI Is Protected

Healthcare organizations use various safeguards to help protect PHI from unauthorized access, use, disclosure, alteration, or destruction.

Administrative Safeguards

  • Employee training
  • Privacy policies and procedures
  • Access controls
  • Risk assessments
  • Compliance monitoring

Physical Safeguards

  • Secure facilities
  • Locked file storage
  • Controlled access areas
  • Visitor restrictions

Technical Safeguards

  • Password protection
  • Encryption
  • Secure networks
  • Electronic access controls
  • Audit logs and monitoring systems

These safeguards are designed to help maintain the confidentiality, integrity, and availability of patient information.

When PHI May Be Shared

Healthcare providers may use or disclose PHI as permitted or required by law. Examples may include:

  • Providing treatment
  • Coordinating healthcare services
  • Processing payment
  • Responding to legal requirements
  • Public health reporting
  • Preventing serious threats to health or safety
  • Government oversight activities authorized by law

In certain situations, patient authorization may be required before information can be shared.

Your Rights Regarding PHI

Patients have important rights regarding their protected health information. These rights may include:

  • Accessing medical records
  • Obtaining copies of records
  • Requesting corrections to inaccurate information
  • Requesting confidential communications
  • Requesting certain restrictions on disclosures
  • Receiving information regarding privacy practices
  • Filing privacy-related complaints

These rights help ensure that patients remain informed and involved in how their health information is maintained and used.

Electronic Protected Health Information (ePHI)

When protected health information is created, stored, transmitted, or received electronically, it is often referred to as electronic Protected Health Information (ePHI). Examples include:

  • Electronic health records
  • Patient portals
  • Telehealth communications
  • Electronic prescriptions
  • Digital imaging records
  • Secure electronic messages

Because electronic information can be transmitted quickly and across multiple systems, healthcare organizations must implement additional safeguards designed to protect electronic data from unauthorized access or disclosure.

APNS Commitment to Protecting PHI

APNS recognizes that health information is among the most personal and sensitive information entrusted to a healthcare provider. We are committed to maintaining appropriate safeguards designed to protect the confidentiality, integrity, and security of protected health information. We strive to use and disclose patient information responsibly, limit access to authorized individuals, and maintain practices that support patient privacy, trust, and quality healthcare.

Protecting patient information is a fundamental responsibility and an essential component of the provider-patient relationship.

For further information, visit the U.S. Department of Health and Human Services – HIPAA for Individuals.

Patient Portal