Topic hub
PHI Fundamentals
A hub for the definitions, identifiers, exceptions, and edge cases healthcare teams need before they choose tools or workflows for patient information.
Short answer
PHI fundamentals means knowing what information is regulated, what turns ordinary data into PHI, and which exceptions or special categories change how the data may be used.
PHI fundamentals is the foundation for every other HIPAA decision. If your team cannot quickly identify what counts as PHI, what counts as ePHI, and where exceptions apply, you will over-share in some workflows and over-restrict in others.
PHI fundamentals pages
- What Counts as PHI in a Small Clinic
- What Is ePHI?
- PHI vs PII
- 18 HIPAA Identifiers
- PHI Examples
- De-Identified Data vs PHI
- Limited Data Set
- Incidental Disclosure
- Designated Record Set
- PHI in Photographs and Audio/Video Recordings
- Safe Harbor De-Identification for Small Clinics
What PHI fundamentals answers
These pages answer the questions healthcare teams ask before they choose software or write policy:
- What makes information PHI in the first place?
- Which identifiers make a data set risky?
- When is data de-identified, limited, or still fully regulated?
- Which disclosures are still violations, and which are incidental under the rule?
- Which systems become part of the designated record set versus operational tools around it?
What to do after this hub
Use PHI Workflows once your team agrees on the definitions and needs to decide where PHI can live in email, texting, spreadsheets, AI tools, or intake workflows.
Use PHI Tools and Vendors when the open question is whether a specific software vendor can support the workflow safely.
Use the HIPAA self-assessment if you need to translate these concepts into a practical gap list.
HIPAA and Wearable Devices: When Fitbit and Apple Watch Data Is PHI
HIPAA and wearable devices: when Fitbit, Apple Watch, and Garmin data becomes PHI, what BAA obligations arise, and how FTC rules cover gaps HIPAA doesn't.
Building a HIPAA-Compliant AI Use Policy for Your Clinic
How to build a HIPAA-compliant AI use policy for your clinic: approved tools, BAA requirements, prohibited inputs, staff training, and OCR's guidance on AI.
PHI Retention and Destruction Requirements Under HIPAA
HIPAA data retention and PHI destruction requirements: what 45 CFR §164.530(j) requires, state law overlays, approved destruction methods, and BA...
PHI in Photographs and Audio/Video Recordings
When do patient photos and recordings constitute PHI under HIPAA? What requires authorization, how to store images, and what exceptions apply for treatment.
Safe Harbor De-Identification for Small Clinics
How HIPAA safe harbor de-identification works for small clinics. All 18 identifiers, partial de-identification mistakes, and when data is truly outside HIPAA.
ePHI vs PHI: Key Differences Explained
ePHI vs PHI explained: PHI covers paper, oral, and electronic health info; ePHI is the electronic subset governed by the HIPAA Security Rule.
What Does PHI Stand For?
PHI stands for Protected Health Information. Plain definition, HIPAA citations, examples, and what it means for small medical practices.
ePHI Explained: Technical Safeguards Mapped
ePHI is electronic protected health information governed by the HIPAA Security Rule. Learn the technical safeguards, what they require, and how to apply them.
HIPAA Minimum Necessary Rule
The HIPAA minimum necessary rule limits PHI disclosures to what is needed for the purpose. Learn the standard, exemptions, and how it applies to clinic staff.
PII Data Examples: What Counts and What Does Not
PII examples for healthcare teams: names, IDs, biometrics, and combinations that identify individuals. Learn when PII becomes PHI under HIPAA.
18 HIPAA Identifiers
18 HIPAA identifiers explained for healthcare teams with a practical screening list for workflows, forms, spreadsheets, and software.
De-Identified Data vs PHI
De-identified data vs PHI explained for healthcare teams, including why partial redaction is not enough.
Designated Record Set
Designated record set explained for healthcare teams, including what belongs in it and what does not.
Incidental Disclosure
Incidental disclosure explained for healthcare teams, including when it may occur and when it does not excuse poor workflow design.
PHI Examples
PHI examples for healthcare teams including task comments, forms, messages, spreadsheets, and file-sharing workflows.
PHI vs PII
PHI vs PII explained for healthcare teams: overlap, differences, and why the distinction matters in workflows and vendor reviews.
Limited Data Set
Limited data set explained for healthcare teams, including how it differs from PHI and de-identified data.
What Is ePHI?
What is ePHI? Learn when PHI becomes electronic protected health information and what that means for systems and workflows.