Protected Health Information (PHI)
Definition
Individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or medium. PHI includes demographic data, diagnosis codes, treatment records, and billing information when linked to an individual.
Related terms
- Addressable Implementation Specification
  - A HIPAA Security Rule specification that organisations must assess for reasonableness and appropriateness. If reasonable and appropriate, it must be implemented; if...
- Business Associate
  - A person or entity that performs services for a HIPAA covered entity that involve creating, receiving, maintaining, or transmitting protected health information...
- Cardholder Data Environment (CDE)
  - The people, processes, and technology that store, process, or transmit cardholder data or sensitive authentication data. PCI-DSS requirements apply to the CDE...
- Covered Entity
  - Under HIPAA, a healthcare provider that transmits health information electronically, a health plan, or a healthcare clearinghouse. Covered entities are directly subject...
- Qualified Security Assessor (QSA)
  - An individual certified by the PCI Security Standards Council to perform on-site PCI-DSS assessments for merchants and service providers that cannot self-certify....
Explained in
- HIPAA and PCI-DSS Compliance Requirements