Protect PHI (HIPAA)

What is Protected Health Information (PHI)?

Information that includes demographic information that is collected from an individual and:

  1. Is created or received by a health care provider, health plan, employer, or health care clearing house; and
  2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
    1. That identifies the individual; or
    2. With respect to which there is a reasonable basis to believe the information can be used to identify the individual.


PHI Data Elements

  • Name
  • All geographic subdivisions smaller than a state
  • All elements of date, except year
  • Telephone number
  • Fax number
  • Social Security Number (SSN)
  • Health Record Number (HRN)
  • Health Plan Beneficiary Number
  • Biometric identifiers, including finger and voice prints
  • Account numbers
  • Email addresses
  • Certificate/license numbers
  • Vehicle identifiers, including license plate numbers
  • Device identifiers and serial numbers
  • Web Universal Resource Locators (URLs)
  • Internet Protocol (IP) address numbers
  • Full face photographic images and comparable images
  • Any other unique number, characteristic, or code


Sharing PHI outside of KPNW? Find resources about the Risk Assessment Mitigation Process


Sharing Data

Information and guidance about transferring all types of data outside of KPNW.


KPNW Release of Information (ROI) Office

These resources are typically used when a participant in a study outside o f Kaiser Permanente needs to have their KP medical record released for that study. A participant in the KP study who needs their medical records transferred to KP from another institution should check with the other institution for their paperwork requirements.