Protected Health Information (PHI)
PHI is individually identifiable health information held or transmitted by a HIPAA-covered entity or business associate, in any form. The HIPAA Privacy Rule defines 18 specific identifiers.
What counts as PHI
PHI is the HIPAA-specific term for health information that (a) is created or received by a covered entity or business associate, (b) relates to past, present, or future physical or mental health, treatment, or payment for healthcare, and (c) identifies or could reasonably identify the individual. The HIPAA Privacy Rule (45 CFR 164.514) enumerates 18 specific identifiers, including names, dates more granular than year, ZIP codes beyond the first three digits (and even those three in low-population areas), medical record numbers, biometrics, full-face photos, and IP addresses. ePHI (electronic PHI) is PHI in any electronic form and triggers the Security Rule's technical safeguards.
AI vendors and PHI
An AI vendor that touches PHI is a business associate under HIPAA and must sign a Business Associate Agreement (BAA) with the covered entity. The BAA flows the Privacy and Security Rules down to the vendor and the vendor's own sub-processors. Vendors that "do not see PHI" because of de-identification still need to prove the de-identification meets either the Safe Harbor (remove all 18 identifiers) or Expert Determination (statistical) standard. Verbal claims of "we don't store PHI" are not evidence; the contract and the technical controls are.
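To make the Safe Harbor standard referenced above (and the identifier list under "What counts as PHI") concrete, here is an added example, not code from the page or from any vendor, of a minimal scrubber for a flat patient record plus a residual-identifier check for free text. The field names, the reference date, the sample record and the low-population ZIP prefix set are constructed assumptions; a production implementation must cover all 18 identifier classes and unstructured notes, not just the keys shown.

```python
# Added example: Safe Harbor-style scrubber for a flat record. Field names and the
# low-population ZIP prefix set are constructed assumptions, not from any standard.
import re
from datetime import date

DIRECT_IDENTIFIERS = {"name", "mrn", "ip_address", "email", "phone", "face_photo"}
DATE_FIELDS = {"dob", "admit_date", "discharge_date"}
# Safe Harbor keeps only the first three ZIP digits, and even those become "000"
# when the area holds 20,000 or fewer people (placeholder set; real list is Census-derived).
LOW_POPULATION_ZIP3 = {"036", "059", "102"}
AS_OF = date(2024, 1, 1)  # constructed reference date for computing age
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FULL_DATE_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")

def safe_harbor(record: dict) -> dict:
    """Return a de-identified copy of a flat record (ISO dates, 5-digit ZIPs)."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue                      # drop the field entirely
        if key in DATE_FIELDS:
            out[key] = value[:4]          # keep only the year
        elif key == "zip":
            zip3 = value[:3]
            out[key] = "000" if zip3 in LOW_POPULATION_ZIP3 else zip3
        else:
            out[key] = value
    if "dob" in record:
        born = date.fromisoformat(record["dob"])
        age = AS_OF.year - born.year - ((AS_OF.month, AS_OF.day) < (born.month, born.day))
        if age > 89:
            # Ages over 89, and any date element revealing them, collapse to "90+".
            out.pop("dob", None)
            out["age"] = "90+"
        else:
            out["age"] = str(age)
    return out

def residual_identifiers(text: str) -> list:
    """Flag obvious identifiers left in free text: IPv4 addresses and full dates."""
    return IPV4_RE.findall(text) + FULL_DATE_RE.findall(text)

# Constructed sample record: a 92-year-old in a low-population ZIP prefix.
SAMPLE = {"name": "Jane Doe", "mrn": "MRN-0001", "dob": "1931-06-15", "zip": "03601",
          "ip_address": "10.0.0.5", "admit_date": "2023-11-02", "diagnosis": "I10"}
```

Running `safe_harbor(SAMPLE)` drops the name, MRN, IP and birth date, truncates the admission date to its year, replaces the ZIP with "000" and reports the age as "90+"; `residual_identifiers` is the kind of check a buyer can ask a vendor to demonstrate on its de-identified output rather than accepting a verbal claim.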
Procurement questions
Does the vendor sign a standard BAA without significant edits? Are all sub-processors listed and BAA-flowed? Where is ePHI stored geographically, what encryption is applied at rest and in transit, and what is the breach-notification SLA (60 days under HIPAA, but contractual SLAs are often tighter)? Is PHI ever used to train shared models, or is training isolated to the covered entity's tenant? Does the vendor support patient-rights requests (access, amendment, accounting of disclosures) when those records sit inside the AI system?