PHI or PII – What’s the Difference?


The terms protected health information (PHI) and personally identifiable information (PII) are frequently used interchangeably.  But while they may look like the same thing, there are differences that set them apart, and that is particularly true when it comes to HIPAA.

What’s the difference?

PII is any information that can be traced back to a person’s identity.  PHI is individually identifiable health information that is created, received, maintained, or transmitted by a HIPAA-covered entity (or its business associates).  Assuming the two terms can be used for the same purpose can lead to compliance problems for any healthcare business.  Let’s look at the main differences and at the steps you can take to safeguard PHI and keep your business HIPAA compliant.

According to the National Institute of Standards and Technology (NIST), PII “is not created equal” and should only be collected when necessary, in order to minimize the impact should a breach occur. PII can be directly or indirectly linked to an individual’s identity.  For instance, a phone number can be linked to a person, while a Social Security number uniquely identifies one.  Both are PII, but their exposure has very different consequences for the individual.

Other kinds of PII include:

  • Passport numbers
  • Driver’s license numbers
  • Address
  • Email address
  • Biometric data
  • Medical information
  • Financial information
  • Employment data
  • Educational information

Medical information can be both PII and PHI.  Think of protected health information as the subset of personally identifiable information that specifically concerns an individual’s health and is held by or shared with HIPAA-covered entities.  This kind of data includes lab reports and medical records, and anything about the individual’s past, present, or future physical or mental health.  Financial information is also considered PHI when it relates to payment for healthcare, such as hospital bills.

Organizations can turn PHI back into data that is no longer regulated by removing the 18 identifiers listed in the HIPAA Privacy Rule’s Safe Harbor de-identification method, provided they have no actual knowledge that the remaining information could still identify the individual.  Guidance from the U.S. Department of Health & Human Services on how to do this correctly is available on the HHS website.
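As an added illustration of what removing those identifiers looks like in practice (this is example code written for this page, not code from HIPAA Secure Now or HHS), the script below applies the Safe Harbor rules to a structured patient record: direct identifiers are dropped, ZIP codes are truncated to three digits with the low-population prefixes that HHS lists zeroed out, dates are reduced to the year, ages of 90 and over are collapsed into a single “90+” bucket, and free-text notes get a best-effort regex scrub. The field names, the sample record, and the fixed reference date are assumptions for the example; the ZIP prefix list is the one HHS published from the 2000 Census and should be checked against current guidance.

```python
import re
from datetime import date

# Fields treated as direct identifiers under Safe Harbor and dropped outright.
# These field names are an assumption for this example; map your own schema onto them.
DIRECT_IDENTIFIER_FIELDS = {
    "name", "phone", "fax", "email", "ssn", "mrn", "health_plan_id",
    "account_number", "license_number", "vin", "device_id", "url", "ip",
    "biometric", "photo",
}

# Three-digit ZIP prefixes that HHS lists as covering 20,000 or fewer people
# (2000 Census figures); Safe Harbor requires these to become 000.
LOW_POPULATION_ZIP3 = {
    "036", "059", "063", "102", "203", "556", "692", "790", "821", "823",
    "830", "831", "878", "879", "884", "890", "893",
}

# Assumed reference date for computing ages; fixed so results are reproducible.
AS_OF = date(2024, 1, 1)

# Constructed sample record for illustration only, not real patient data.
SAMPLE_RECORD = {
    "name": "Jane Q. Sample",
    "dob": "1931-04-17",
    "zip": "03801",
    "phone": "603-555-0142",
    "email": "jane.sample@example.com",
    "ssn": "123-45-6789",
    "mrn": "MRN-00042",
    "ip": "192.0.2.10",
    "admit_date": "2023-11-02",
    "diagnosis": "Type 2 diabetes mellitus",
    "notes": "Patient reports improvement since visit on 2023-10-15; "
             "call 603-555-0142 or jane.sample@example.com.",
}

# Free-text patterns for a few common identifiers. A regex pass is a best
# effort only and is not a complete free-text de-identification.
FREE_TEXT_RULES = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[EMAIL]"),
    (re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b"), "[PHONE]"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "[IP]"),
    # ISO dates keep only the year, which Safe Harbor permits.
    (re.compile(r"\b(\d{4})-\d{2}-\d{2}\b"), r"\1"),
]


def generalize_zip(zip_code):
    """Keep the first three ZIP digits, or 000 for low-population prefixes."""
    prefix = zip_code[:3]
    return "000" if prefix in LOW_POPULATION_ZIP3 else prefix


def generalize_birth_date(dob_iso, as_of):
    """Reduce a date of birth to age and birth year; ages 90+ lose the year too."""
    dob = date.fromisoformat(dob_iso)
    age = as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))
    if age >= 90:
        return {"age": "90+"}
    return {"age": age, "birth_year": dob.year}


def scrub_free_text(text):
    """Replace recognised identifiers in free text with placeholders."""
    for pattern, replacement in FREE_TEXT_RULES:
        text = pattern.sub(replacement, text)
    return text


def safe_harbor_deidentify(record, as_of):
    """Return a new record with the Safe Harbor identifiers removed or generalised."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIER_FIELDS:
            continue                      # identifier: drop entirely
        if key == "dob":
            out.update(generalize_birth_date(value, as_of))
        elif key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key.endswith("_date"):
            out[key[:-5] + "_year"] = value[:4]   # any other date: year only
        elif isinstance(value, str):
            out[key] = scrub_free_text(value)     # narrative fields: regex scrub
        else:
            out[key] = value
    return out


def deidentify_sample():
    """Run the constructed sample record through the de-identifier."""
    return safe_harbor_deidentify(SAMPLE_RECORD, AS_OF)


if __name__ == "__main__":
    for field, value in deidentify_sample().items():
        print(f"{field}: {value}")
```

The structured fields are the easy part; the notes field is where real de-identification efforts fail, because names, relatives, employers, and unusual case details in narrative text do not match any regex. Treat the free-text pass as a filter that catches obvious leaks, and assume a human or a purpose-built tool still has to review narrative content before the record is released as de-identified.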

End-to-End Protection

A business must put the protection of both PII and PHI at the top of its priorities, which means making sure that both HIPAA compliance and cybersecurity measures are in place.  NIST notes that “an organization cannot properly protect PII it does not know about”.  A security risk assessment helps identify where this kind of information lives, as well as any security gaps that the business needs to remediate.  HIPAA Secure Now can help with all of this, so let’s talk today to make sure you are protecting your patients and your business!


The post PHI or PII – What’s the Difference? appeared first on HIPAA Secure Now!.


CEO, Author of the #1 Risk to Small Businesses
