Term:Protected Health Information

From FISMApedia
Jump to: navigation, search

DoD 8580.02-R

Protected Health Information (PHI) - Individually identifiable health information that is created, received, or maintained by a covered entity, as defined in DoD 6025.18-R ( Reference (f)). DL1.44.

NIST SP 800-66r1

Protected Health Information (PHI) - Individually identifiable health information:

(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information in:
(i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) Employment records held by a covered entity in its role as employer. [45 C.F.R., Sec. 160.103]

NIST SP 800-66

Protected Health Information (PHI) - Individually identifiable health information:

(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii)Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information in:
(i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) Employment records held by a covered entity in its role as employer. [45 C.F.R., Sec. 160.103]