What is the relationship between HIPAA and PHI?
PHI (Protected Health Information) is defined under Part 164, Subpart E, section 164.501 of HIPAA. PHI is Individually Identifiable Health Information (IIHI) that is:

* Transmitted as Electronic Media or
* Stored in any medium described as electronic media in § 164.502 of SubSection E or
* Is transmitted or maintained in any other form or medium

But excludes:

* Education records as covered under the Family Education Rights and Privacy Act (FERPA) as amended, 20 U.S.C. 1232g; and
* Records as described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
* Employment Records held by a Covered Entity in its role as employer.

In practice at this time, PHI is treated as IIHI in that the emphasis on electronic communications is no longer considered a means of excluding IIHI from the PHI header. As such, HIPAA's function under the Privacy Rule (Section 164 of Subchapter C of the Act) is to define PHI and then to discuss the means whereby PHI will be protected and the exclusions thereto.

In simpler terms, the Privacy and Security sections of HIPAA were included to protect patient privacy. PHI is the information that is being protected. HIPAA explains when and how to protect this information, and the various reasons that such protections may be overridden.