Protected Health Information (PHI)

For use under the HIPAA Policies of the University

​​A person or patient’s information related to:

  • Past, Present, Future
  • Mental or Physical Health (or related billing information)
  • Which can be connected to the individual by an "identifier" (18 listed below)
  • And which can come in all forms – including oral, written, electronic, etc.

Excludes employment records and education records (think HR/FERPA)

PHI can be shared without a patient’s authorization for purposes of:



Healthcare O-perations

18 Identifiers: which can connect an individual to their PHI, making it identifiable.

Remember, per the definition above, PHI is not limited to these 18 identifiers

  1. Names;
  2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000;
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
  4. Telephone numbers;
  5. Fax numbers;
  6. E-mail addresses;
  7. Social Security numbers;
  8. Medical records numbers;
  9. Health plan beneficiary numbers;
  10. Account numbers;
  11. Certificate/license numbers;
  12. Vehicle identifiers and serial numbers, including license plates;
  13. Device identifiers and serial numbers;
  14. Web Universal Resource Locators (URLs);
  15. Internet Protocol (IP) address numbers;
  16. Biometric identifiers (including finger and voice prints);
  17. Full face photographic images and any comparable images; and,
  18. Any other unique identifying number, characteristic, or code (with some exceptions and requirements).

HIPAA Contacts


HIPAA Privacy Official
Lori Hopper

Interim HIPAA Security Officer:
Laura Morris

Signatory Official:
Alison Lakin