HIPAA Data Classification
The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule is a federal law protecting the privacy of medical consumers and setting standards for how health information is used and stored. The law classifies data using the following categories: health information, individually identifiable health information and protected health information (PHI). Individually identifiable health information is a subset of health information, and PHI is individually identifiable health information with several important exceptions.
Health Information
The category of "health information" includes any information pertaining to the medical care of an individual (whether past, present or future) as created or maintained by a provider, insurer, employer, school or public health authority (such as the Center for Disease Control or Department of Public Health). Because this is the broadest category, "health information" as such is not protected by HIPAA.
Individually Identifiable Health Information
This more selective category, a subset of health information, includes the entirety of the preceding definition along with the additional qualification that the information identifies an individual or provides a reasonable basis to believe that it could be used to identify an individual.
Protected Health Information
Protected health information (PHI) is what the provisions of HIPAA were designed to protect. It includes the entirety of individually identifiable health information with the exception of some education and employment records. (For more information, refer to the Family Educational Rights and Privacy Act.)