This article will define personally identifiable information, sensitive personally identifiable information, and protected health information as well as provide examples of each.
Personally Identifiable Information (PII) has numerous official definitions, depending on what agency or state law/policy you read, but in general, it is defined as any information that can be used to identify an individual directly or indirectly, such as a name, email address, Social Security Number or IP address.
Sensitive PII (SPII) is generally defined as any PII which if lost, stolen, or disclosed without authorization could result in significant harm to an individual.
Federal agencies and States each have unique privacy protection laws concerning the protection of PII, (see U.S. State Comprehensive Privacy Law Comparison), and in most cases, additional protections such as end-to-end encryption are required for what is considered sensitive PII.
Protected Health Information (PHI) is a specific type of Sensitive PII that is collected by a healthcare provider or other covered entity for the provision of healthcare services. This information is protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which requires HIPAA-covered entities and their business associates to implement specific technical and operational safeguards to protect PHI.
Identification
The PII/Sensitive PII/PHI identification charts below were compiled from information gathered from the Department of Homeland Security’s Handbook for Safeguarding Sensitive Personally Identifiable Information and the U.S. Department of Health and Human Services.
Personally Identifiable Information (PII)
- Home Address
- IP Address
- Name
- Phone Number
- Any other information that can uniquely identify someone
Sensitive PII (SPII)
Stand-Alone | Any PII Combined With the Following |
|
|
Protected Health Information (PHI)
Health Information (physical, electronic, or spoken) + Identifier + collected by a HIPAA-Covered Entity or School or University or Employer or Business Associate of a HIPAA-Covered Entity + in relation to the provision of healthcare or payment for healthcare services.
Health Information | Identifiers | HIPAA-Covered Entities | Business Associates of HIPAA-Covered Entities |
|
|
|
|
Comments
Let us know what was helpful or not helpful about the article.0 comments
Please sign in to leave a comment.