Personal health information (PHI) is any health information that can be used to identify an individual; it is the data typically handled by healthcare providers. It consists of patient demographics, medical histories, laboratory and test results, medical images, insurance information and more, typically collected and generated by healthcare providers during the delivery of past, present or future care. Within the United States, the Health Insurance Portability and Accountability Act (HIPAA) limits its privacy protections to PHI. In the European Union (EU), the General Data Protection Regulation (GDPR) is a broader privacy regulation that extends beyond PHI to sensitive personal data, such as race, religion, political party and sexual orientation, and to other identifiers that in combination can be used for indirect identification by inference. GDPR protects EU citizens and residents not only within the EU but also outside of it.
With digital healthcare, IoT and personalized medicine, PHI is collected, stored, generated and used to provide more efficient and effective healthcare. This requires additional steps and procedures to ensure the security of PHI and compliance with these regulations.
Industry best practices for complying with the HIPAA and GDPR security and privacy rules include the following:
Overview of industry best practices for PHI security and privacy