PHI (Protected Health Information)
Compliance
Any individually identifiable health information held or transmitted by a covered entity or its business associates, in any form (electronic, paper, or oral). PHI includes 18 specific identifiers such as names, dates, phone numbers, email addresses, Social Security numbers, and medical record numbers when connected to health data.
Related terms
HIPAA
Health Insurance Portability and Accountability Act, a US federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information. HIPAA includes the Privacy Rule (who can access PHI), the Security Rule (technical safeguards required), and the Breach Notification Rule (what to do if data is compromised). Any healthcare provider or vendor handling patient data must comply.
Covered Entity
Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Covered entities must comply with all HIPAA regulations including the Privacy Rule, Security Rule, and Breach Notification Rule. Most healthcare practices using digital intake forms are covered entities.
Encryption (AES-256 / TLS 1.3)
The process of converting data into a coded format that can only be read with the correct decryption key. AES-256 (Advanced Encryption Standard with 256-bit keys) is used for data at rest. TLS 1.3 (Transport Layer Security) encrypts data in transit between the patient's device and the server. Both are required for HIPAA compliance.