25 comments on “HIPAA ‘Protected Health Information': What Does PHI Include?”

  1. Can nurse contact me and then go and tell her daughter that she talked to me because her daughter is in love with my son and I moved my family to another state and she wanted to no if she bring my records to me.

    1. Did the daughter know beforehand where you moved to? As long as no protected health information was given to the daughter that she didn’t already know from your son such as your name, address, etc. Then, it’s OK I would think. But I’m no expert so don’t quote me. I do have an issue however with using her daughter to deliver your records. She could easily open them and read them. They should essentially be mailed to you with a signature request of receipt.

  2. How can my parents get my brothers medical records from his primary care doctor here in Oklahoma? Do we need to have a certain form to get medical records of my deceased brother? We are needing records for a wrongful death suit against his wife and need brothers medical records? Do you have a standard form so we can get court to let us get records?

    1. We don’t have a form we can share for this. Your lawyer should be able to provide some guidance on how to go about obtaining the records. Sorry for your loss.

  3. Is the fact that a patient has died protected health information? Can a clinician notify other staff of the patient’s death by name via text message?

    1. Tom, yes this is protected health information. Additionally, deceased individuals PHI is protected for 50 years after their death.

      There are a few exceptions, however. Notification to law enforcement, coroners, organ procurement organizations are exempt. HHS provides some specific guidance on these exemptions here.

    2. Tom – as far as I’m aware, transmitting PHI via text is always a violation of HIPAA, even if it is being sent to people who are in the individuals health care team, it is not encrypted and therefore not secure.

  4. I am an HMO member. I requested a referral to a specialist from my PCP who works for a University Hospital. Two weeks later, a Referral Coordinator called and said she spoke to the HMO by phone about the referral, and the HMO denied it. I never received a written denial from the HMO who deny receiving any request for referral.
    Can I view and/or request a copy of the transcript of the phone conversation between the Referral Coordinator and HMO on the basis that it constitutes PHI?

  5. Can my dental office call my work and leave a message on a public answering machine saying that I have a balance that needs to be paid?

  6. If a patient is transferred to another facility, is it a HIPAA violation to disclose where the patient was transferred to to “family members” over the phone?

  7. When using email, from doctor to patient, if the content of the mail is protected, but the email name is still in plain text, is that still considered PHI, and would that need to be obscured. Identification is necessary, is this a risk management decision that is just accepted. Can the use of names as long as other information is protected be used in correspondence.

  8. If a patient of mine is related to my spouse and he sees her name did I violate hipaa? Im a home health nurse & prepare my daily list. He happened to see her name & warned me not to go. Theyve since accused me of violating hipaa.

  9. I am a student at a private university in NY. I recently embarked on an international internship and purchased travel health insurance that was provided by my university. I have since then returned from the internship and I am no longer insured under the travel health insurance policy. Upon my return, I had a question regarding my travel health insurance policy and therefore reached out to the person that coordinated my travel health insurance prior to my departure. She replied to my email and included the Chair of my program. In response to receiving the email, the Chair of my program email me with concern about my health. I am uncomfortable that the Chair of my program has knowledge that I inquired and may or may not have sought behavioral health treatment during my internship.

    I believe by including the Chair of my program in the email my confidentially was breached. I would really like to get your professional opinion on this matter. Is the information in my email considered PHI? Did she breach confidentiality? Is this a HIPAA violation? If so, why? If not, why not?

    Please see the email correspondence below. My emails begin with “Good Afternoon” and the insurance coordinator’s email begins with “Dear Student”.

    Good Afternoon
    Administrative Assistant to the Department of Public Health recommended that I reach out to you in regards to a few questions I had regarding the foreign travel insurance that I purchased for my international internship in Belgrade, Serbia. Your help in this matter is greatly appreciated. I want to know, does this policy cover behavioral health? If so, what is the name of the travel insurance? And what is my policy number?

    In response to my email she attached my policy letter and cc’d the Chair of my program and replied to me with the message below

    Dear Student –
    You should have received a letter indicating your coverage for the plan that was purchased for the trip scheduled for May 28th, 2015 thru July 22nd, 2015 prior to your trip – see attached.

    The policy does cover behavioral health (as long as it is considered an emergency visit and not a routine visit.) Only emergency accidents and sicknesses are covered under the study abroad policy.


    In response to this email the Chair of my program reached out to me with concern for my health. I replied to the insurance coordinator with the message below

    Good Afternoon,
    Thank you for this email. I appreciate you getting back to me in a timely matter.
    I want to address that I was not comfortable with you sharing my email and your response to my email with the Chair of my program. I considered the information in the email sensitive and thereby expected it to be treated with confidentially.
    May I ask why was she cc’d on the email?

    She replied to my email with the message below

    Dear Student –
    As the Director of this program – the advisor should have supplied you with the ‘letter’ from the carrier prior to your trip – that is WHY (she) was copied. There was no indication in your e-mail that this was a confidential matter but simply a QUESTION you were asking – and nothing in my response said otherwise.

    Am I justified to believe that by including a third party to the email, the privacy of my health information was violated? Does this go against HIPAA laws?

    Thank you for all your help. I look forward to your response.

  10. I signed an authorization to release treatment received at the ER of another health care facility to be sent to my current health care provider. It was received but when requested, the current provider won’t provide me a copy. They tell me under HIPAA, they can’t provide me the information sent from another provider. Is this right? I authorized the sending to them and isn’t it now part of my current records?

  11. If unsecure email is used by an insurance company to transmit a list of only names (first and last) of its insureds, is this considered PHI? Is it a breach?

  12. I have a quick question:

    Would a Yelp review for a doctor be considered PHI?
    1) The person is obviously identified, often with a picture and name.
    2) The review would indicate a past provision of care.

    Thank you

  13. Are readings from devices (e.g. blood pressure monitor, weighing scales, activity monitors, etc) that are gathered in an app on my phone, and stored on the web, defined as PHI? These are not associated with any medical records and are for my own personal use – nothing to do with insurance or Drs. Should the app or the website be HIPAA compliant?

  14. When my colleague and I are doing rounds and moving thru several patients’ rooms in an hour, he continues to ask me which room is next before we leave the room we are in. I am not comfortable with this but I am unable to find any clear information on whether or not a patient’s room number is included in the demographics and is considered a PHI.. Please provide information specifically relating to speaking one patient’s room number in front of another patient and/or visitors. Thank you.

  15. If a healthcare worker’s family member only has the patient address of the home health patient but not name or diagnosis, is the address considered PHI And subject to hipaa law?

  16. Is the date when a medical test was performed considered health information? This would not include the result of the test – just the date.

  17. My doctor’s office scale is right next to where other patients get free coffee. It is in the open area. It is a digital scale and once you step off the scale the weight still remains for about 10-15 seconds for everyone coming through the hallway or getting coffe to see. Is this a PHI violation?

  18. What about text messaging? Can a nurse text a nurse a patient’s zip code as long as no other identifying info is provided (no name, no phone, etc.)

    Can an agency store a list of patient’s name, address and phone numbers on Google Drive for other employees to access?

  19. We are filing a bankruptcy claim with the court on one of our patients. For the proof of claim, we have to file an itemized statement. I have removed the account number for the patient. Am I able to disclose the procedure names that were performed and the date these services were provided? Also, can I disclose the name of the insurance company that made payment if there is not policy number listed? Thank you.

  20. When I sign in at our local clinic I am asked to provide my name, birthdate, appointment time, date of arrival and doctor. This information is written on an 8×10 paper with every other patient until the page is full. I do not like providing my birthdate and think that this is personally identifiable information that can be seen by every other person signing this paper. Is this a Hipaa violation?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>