Personal health information (PHI), also referred to as protected health information, generally refers to demographic information, medical history, test and laboratory results, insurance information and other data that is collected by a health care professional to identify an individual and determine appropriate care.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and revisions to HIPAA made in 2009’s Health Information Technology for Economic and Clinical Health (HITECH ) Act, covered entities -- which include health care providers, insurers and their business associates -- are limited in the types of PHI they can collect from individuals, share with other organizations or use in marketing communications. In addition, PHI must be provided to patients if requested -- preferably in an electronic format -- and cannot be sold unless it is being used for public health activities, research, treatment, services rendered or the merger/acquisition of a HIPAA covered entity. HIPAA also gives individuals the right to make written requests to amend PHI that is being maintained by a covered entity.
Watch a video on Gov. Patrick's views on personal health information management.
Should patients have access to all of their personal health information?
Get more information on personal health records services.