Awareness article
PHI Examples
Real-world examples of what counts as PHI, what usually does not, and where healthcare teams accidentally create PHI in everyday operations.
Short answer
PHI examples are most useful when they mirror daily operations. Patient names in task comments, appointment reminders with care context, and spreadsheet trackers with treatment details are common examples.
PHI examples are easiest to understand when they sound like ordinary work. A staff member writing, “Send Jose his sleep study packet,” has already created PHI in a workflow note even if the note is not in the chart.
Common PHI examples
- an intake form with name, phone number, and reason for visit
- a spreadsheet with patient names and prior authorization status
- a task comment about lab follow-up for a named patient
- a voicemail transcript that mentions diagnosis or treatment
- a shared drive folder named with a patient and procedure
Common non-PHI examples
- an internal task that says “review open referrals” with no patient identifiers
- a staffing schedule with employee names only
- a generic policy checklist with no patient-linked content
Related pages
Use What Counts as PHI in a Small Clinic for the core definition, PHI in Spreadsheets for one risky workflow, and /product#tasks-audit if the task system itself is the problem.
PHI Fundamentals
Core PHI and ePHI definitions, identifiers, edge cases, and data-classification concepts healthcare teams need before tool selection.
HIPAA and Wearable Devices: When Fitbit and Apple Watch Data Is PHI
HIPAA and wearable devices: when Fitbit, Apple Watch, and Garmin data becomes PHI, what BAA obligations arise, and how FTC rules cover gaps HIPAA doesn't.
Building a HIPAA-Compliant AI Use Policy for Your Clinic
How to build a HIPAA-compliant AI use policy for your clinic: approved tools, BAA requirements, prohibited inputs, staff training, and OCR's guidance on AI.
Sources
- Privacy Rule Summary · HHS