PHI Definition and Data Elements
Below is an excerpt from the U.S. Department of Health & Human Services that defines PHI and PHI data elements:
Protected Health Information: The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI).
“Individually identifiable health information” is information, including demographic data, that relates to:
- the individual’s past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual,
- the individual's identity or for which there is a reasonable basis to believe it can be used to identify the individual.
Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
PII Definition and Data Elements
Per the Executive Office of the President, Office of Management and Budget (OMB) and the U.S. Department of Commerce, Office of the Chief Information Officer, "The term “personally identifiable information” refers to information which can be used to distinguish or trace an individual's identity, such as their name, Social Security Number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc."
California Senate Bill SB 1386: "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
(1) Social Security Number
(2) Driver's license number or California Identification Card number
(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account