ABSTRACT
Introduction Before launching into a discussion of protected health information (PHI) as de‚ned under the Health Insurance Portability and Accountability Act (HIPAA), it is ‚rst important to have a basic understanding of HIPAA, and also why HIPAA even exists. Œis chapter ‚rst provides a highlevel description of HIPAA and the subsequent Health Information Technology for Economic and Clinical Health Act (HITECH Act) to provide readers with the necessary background information to help better understand the term PHI. Œe chapter then describes certain speci‚c types of information considered to be PHI, other situations where other information may be considered to be PHI, and then situations when these same information items do not fall under the de‚nition of PHI. Œe chapter concludes with a set of recommendations for de‚ning and protecting PHI within covered entities (CEs) and business associates (BAs), as they are de‚ned within HIPAA and the HITECH Act.
