What is PII and PHI Security? | Why is it Important? | FileCloud


The Federal government requires organizations to identify PII (personally identifiable information) and PHI (protected health information) and handle them securely. Any unauthorized release of this data could result in severe repercussions for the individual whose information has been compromised, as well as for the government entity responsible for safeguarding it. Given the importance of PII and PHI, the government wants to govern their usage more effectively. The first step to keeping this information safe is understanding as much as possible about what it is and how important it can be.

Personally Identifiable Information

PII, or personally identifiable information, is any data that can be used to contact, locate or identify a specific individual, either by itself or combined with other easily accessible sources. It can include information that is linked to an individual through financial, medical, educational or employment records. Data elements that can identify a particular person include fingerprints and other biometric data, a name, a telephone number, an email address or a social security number. Safeguarding PII and other sensitive information is the responsibility of federal agencies.

Though society has relied upon PII for some time, protecting it has become more important recently, mainly because of the rise in hacking incidents. Now that advances in computing and technology have taken place, protecting PII is essential for all organizations. Laws that relate to different forms of PII include HIPAA, the Privacy Act, GLBA, FERPA, COPPA, and FCRA.

These laws restrict corporations from sharing personal information with other parties, and they set requirements for protecting that information appropriately.

Examples of PII

Although collecting and selling PII on a legal basis has proved to be a profitable business, PII can also be exploited by malicious individuals or criminals seeking to commit fraud or steal a person’s identity. According to FBI statistics, identity theft is still regarded as one of the fastest growing crimes in the nation, capable of causing significant emotional and financial damage to its victims. Because of this threat, many governments have created legislation to limit how personal information is distributed. Some examples of what may be identified as PII include:

  • A personal identification number, such as a driver’s license number, passport number, patient identification number, credit card number or social security number.
  • A name, including the full name of the individual, their maiden name or mother’s maiden name, and any alias they may use.
  • Asset information, such as a MAC address or IP address, as well as other static identifiers that can consistently be linked to a particular person.
  • Address information, like email addresses or street addresses, and telephone numbers for businesses or personal means.
  • Biological or personal characteristics, such as an image of distinguishing features, fingerprints, x-rays, voice signature, retina scan, or geometry of the face.
  • Information about an individual’s place of birth, date of birth, religion, activities or geographical location, and educational, financial, or medical data linked to them.

Under certain circumstances, one or two pieces of data, even if they seem harmless by themselves, can be combined with other easily accessible information to expose someone’s identity.

Protected Health Information

HIPAA, or the Health Insurance Portability and Accountability Act, requires certain security regulations to be adopted for protected health information. PHI is generally regarded as any individually identifiable health information that is created or received by a health care provider, a health plan operator, or a health care clearinghouse. The information might relate to an individual’s past, present or future physical or mental health, or to the person’s current condition. Generally, PHI can be used to identify a specific individual, and it refers to data that is maintained or transmitted in any form, whether spoken, on paper, or electronic.

PHI does not include education records covered by the Family Educational Rights and Privacy Act, nor employment records maintained by a covered entity in its role as an employer. The regulations typically refer to a number of different fields that might be used to identify a person, including:

  • Names
  • All dates directly linked to an individual, including dates of birth, death, admission, and discharge.
  • Telephone and fax numbers
  • Email addresses and geographic subdivisions such as street addresses, zip codes and county.
  • Medical record numbers, and health plan beneficiary numbers.
  • Certificate numbers or account numbers
  • Social security numbers, or vehicle identifiers
  • Biometric identifiers, including voice prints or fingerprints.
  • Photographic images of the full face or recognizable features
  • Any unique number-based code or characteristic
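The PII examples above and the HIPAA identifier fields just listed are exactly what a data-loss-prevention or data-discovery control looks for in files before they are shared. The following added example (not FileCloud's code, and not part of the original article) is a small Python scanner that finds several of those identifier types in constructed sample lines and produces a redacted copy. The regular expressions are assumptions tuned to US-style formats (SSN, phone, card, date, an assumed "MRN" medical record number prefix), and candidate card numbers are filtered with the Luhn checksum so that an arbitrary 13-digit ticket number is not reported as a card. Pattern matching like this is a first-pass control: expect both false positives and misses, and treat it as a trigger for review and encryption, not as proof that a file is clean.

```python
import re
from typing import Dict, List, Tuple

# Illustrative patterns for identifier types named on this page.
# These are assumptions, not a complete or authoritative rule set.
PATTERNS: Dict[str, re.Pattern] = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # US phone: optional +1, optional parentheses around the area code
    "phone": re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    # 13-19 digits with optional space/hyphen separators; validated with Luhn below
    "card": re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "mac": re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b"),
    "date": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),
    # Assumed medical-record-number convention: "MRN" followed by 6-10 digits
    "mrn": re.compile(r"\bMRN[ :#]*\d{6,10}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Return True if a digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_line(line: str) -> List[Tuple[str, str]]:
    """Return (identifier_type, matched_text) pairs found in one line of text."""
    findings: List[Tuple[str, str]] = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(line):
            text = m.group(0)
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", text)):
                continue        # long digit run that fails Luhn: not treated as a card
            findings.append((kind, text))
    return findings


def redact_line(line: str) -> str:
    """Replace each finding with a [TYPE] token so the line can be logged or shared safely."""
    out = line
    for kind, text in scan_line(line):
        out = out.replace(text, f"[{kind.upper()}]")
    return out


def scan_lines(lines: List[str]) -> Dict[str, int]:
    """Count findings per identifier type across many lines (a simple DLP summary)."""
    counts: Dict[str, int] = {}
    for line in lines:
        for kind, _ in scan_line(line):
            counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample lines; every name, number and address here is fictional.
SAMPLE_LINES = [
    "2024-03-02 intake: patient Jane Doe, MRN 00123456, DOB 1981-07-14, phone (555) 123-4567",
    "billing: card 4111 1111 1111 1111 on file, contact jane.doe@example.com",
    "device audit: laptop 00:1A:2B:3C:4D:5E at 10.0.0.5, ticket 1234567890123",
    "hr export: employee id 7731, SSN 123-45-6789, start date 2019-09-03",
    "note: follow-up call scheduled, no identifiers recorded",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(scan_line(line))
        print(redact_line(line))
    print(scan_lines(SAMPLE_LINES))
```

The `ticket 1234567890123` value on the third sample line is deliberately a 13-digit run that fails the Luhn check, so it is skipped, while the well-known Visa test number on the second line passes and is reported as a card. Dates are flagged on every line that carries one, which mirrors the HIPAA rule that any date directly linked to an individual is an identifier; in a real deployment you would scope that pattern to columns or contexts where the date is tied to a person.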

Frequently Asked Questions (FAQs)

Why is PII important?
PII, or personally identifiable information, is information that is used to contact, identify, or locate a person, like their name, social security number, address, or phone number. It is important because the leakage of PII can lead to privacy and safety issues like personal embarrassment, workplace discrimination, and identity theft.

What is PHI vs PII?
PHI, or protected health information, is any type of health information, like physical or electronic health records, medical bills, and lab test results, that has individual identifiers (PII). The confidentiality requirements surrounding PHI are very strict and violation of these can lead to severe legal consequences.

Why is it important to protect PHI?
Protecting PHI ensures patient privacy. Keeping health information private is important because it leads to more trust, better communication, and higher levels of care between the patient and their health care professional. It also prevents personal embarrassment, financial harm, and possible discrimination based on health-related issues.

What happens when HIPAA is violated?
If someone unknowingly violates HIPAA, they can be subjected to a penalty of $100 per violation and up to $25,000 for repeated violations. If it is found that HIPAA rules were purposefully violated, the consequences are more severe: a minimum $50,000 fine and up to 10 years of jail.

What are two ways to protect patient confidentiality?
There are many ways to protect patient information. Two common ways are ensuring that PHI data is encrypted at rest and in transit and storing PHI in a safe manner. These can both be accomplished by using a secure file storage and sharing solution like award-winning FileCloud.

How do you protect confidentiality?
You can protect confidentiality by keeping electronic files in a secure location with features like encryption, smart data leak protection, advanced permissions, and more. Other ways include ensuring that discussions about confidential information are held in private locations and written information is hidden from public view.