HIPAA
Protected Health Information (PHI)
Individually identifiable health information held by a covered entity or business associate.
Protected Health Information (PHI) is any individually identifiable health information held or transmitted by a HIPAA covered entity or business associate. It includes any identifier — such as a name, email, or record number — tied to a person's health condition, treatment, appointment, or payment for care.
The moment a website form, database, or email combines an identifier with health details, it is handling PHI and HIPAA safeguards apply. See when contact form submissions become PHI.