HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Author Archive


Definition of PHI

Posted by: | Comments (7)
Email This Post Print This Post

We have a question on the definition of PHI. We have read § 160.103 definitions for PHI and individually identifiable health information as well as sections § 164.502(d) and § 164.514 on de-identification. Unfortunately we have different interpretations. If the following information is disclosed, would this be PHI?

  1. Patient name, address, patient number, admit date, account balance, and the name of the hospital
  2. Patient name, patient number, date of birth, date of service, medical record number, and name of hospital

These would appear in the form of a letter to patient. If they were received by someone other than the patient, would this be considered PHI since the person who received it would not be able to determine anything about the patient’s diagnosis or treatment received at hospital? Also, there is no way for the person to access the patient’s information since the patient number or medical record number would have to be looked up in the hospital’s information system.

LaWanda Gray

Categories : HIPAA Q&A
Comments (7)