Protected Health Information

From FISMApedia
Jump to: navigation, search

NIST SP 800-66

(PHI) Individually identifiable health information:

(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii)Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information in:
(i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) Employment records held by a covered entity in its role as employer. (45 C.F.R., Sec. 160.103)