How to Identify HIPAA Protected Health Information: Finding Your Clients’ Sensitive Information Wherever It Goes

Course Materials


  1. What, precisely stated, is “Protected Health Information?”
    • PHI as defined under HIPAA
      • Examples of “health information.”
    • “PHI,” the HIPAA concept vs. “Confidential information,” the professional ethical concept
      • Precision in definition
      • Boundaries of scope
  2. How does HIPAA determine what is “personally identifying” and what is not?
    • HIPAA’s 18 identifiers
    • Applying the identifiers to information typically found in mental health practices
  3. When does “personally identifying health information” become my practice’s PHI, and by extension my/our responsibility under HIPAA?
    • “Scope” in security and privacy regulations
    • The scope of HIPAA’s various rules
    • Concrete examples of the likely edges of HIPAA PHI in mental health practices
  4. How do I know when PHI is being handled by my devices, service professionals, and cloud services?
    • Following information flow
    • Which identifiers to look for based on where you’re looking
      • Identifiers on smartphones
      • Identifiers on cloud services in general
      • Identifiers on email and texting services
      • Identifiers and service professionals

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss