Awareness article
PHI vs PII
How PHI differs from personally identifiable information, where they overlap, and why healthcare teams should not treat them as interchangeable.
Short answer
PII is a broad privacy term for any information that identifies a person. PHI is a narrower, healthcare-specific term: identifiable information tied to a person's health, treatment, or payment for care. The two overlap, but the workflows and legal obligations that apply to them are not interchangeable.
Where PHI and PII overlap
Names, phone numbers, addresses, email addresses, and dates can all be identifying data. When those details are tied to care or billing context, they usually become PHI.
Where PHI and PII differ
PII can describe a person in many settings outside healthcare. PHI is specifically about healthcare and HIPAA-regulated use. A team that says, “We only store PII here,” may still be storing PHI if the workflow clearly relates to patient care or payment.
Related pages
See the 18 HIPAA Identifiers page for the practical checklist, the Jotform page if the issue is forms data, and /hipaa for the broader product and workflow lens.
Sources
- Privacy Rule Summary · HHS