EmailMeForm Use & News

What are PII and PHI?

Getting to know the personal information protected under HIPAA.

Author Jennifer Poblete
by Jennifer Poblete
on April 20, 2021

If you think that the data you collect through your forms is just data, then think again. This data may be used to identify or trace a person‘s identity. PII and PHI are the terms and you must be aware of the difference.

Personally identifiable information or PII must be collected with caution and security to avoid infringing on the data privacy law. The most common personal data breach involves the abuse of this kind of data.

A HIPAA-compliant healthcare network guarantees patient information remains secure from illegal entry.

HIPAA Data Classification: PII and PHI

The key in achieving HIPAA Compliance is understanding the definition and difference between these two widely interchangeable terms: PII and PHI.

PII (Personally Identifiable Information) pertains to general information used to identify or locate someone. GDPR in the EU treats personal data sensitively. The data privacy law can fine businesses that have proven to fail its requirements. Want to know how your form can safeguard this data? Check this out!

In most medical cases, PII includes health information. Health information reflects past, present, and future health (physical/mental) conditions related to reimbursement for healthcare services. PHI or Protected Health Information (also called ePHI when stored or communicated electronically) is health-related PII. All data about an individual owned, possessed, or maintained by a HIPAA-covered entity falls under the meaning of protected health information (until it has been de-identified) according to the regulations. De-identification of health information occurs when PHI cannot be utilized to identify individuals.

The following identifiers (PII), when together with health information about that person, form the HIPAA data- protected health information (PHI):

  1. Names
  2. Geographical identifiers
  3. Dates directly related to an individual
  4. Phone and Fax Numbers
  5. Email addresses
  6. Social Security numbers
  7. Medical records statistics
  8. Health plan beneficiary numbers
  9. Account Summary
  10. Certificate/license numbers
  11. Vehicle license plate number
  12. Device serial numbers
  13. Web URL and IP number
  14. Body identifiers
  15. Full-face photograph and any similar image

HIPAA Privacy for Email

“I need to transmit a patient record via email, but I’m worried this will be a HIPAA violation.”

Much has been disputed involving data privacy compliance for email. Email security laws require messages to be protected while in transit if they contain PII or electronic personal health information (ePHI) and are forwarded outside of the protected internal email system. Personal identifiers should never be sent unless complying with transit security mandated by data privacy acts like HIPAA. Encryption is one of the most important safeguards.

compliant online forms
Protect your business and clients with HIPAA compliant forms.
PHI traveling across the internet is one of the most unsafe data transfers as far as the HIPAA context concerns. To ascertain HIPAA compliance for e-mail, only use online data collection forms that follow the HIPAA standards. EmailMeForm is a HIPAA compliant form builder that grants each form the confidence to collect and process health information. Each form is eligible to display the HIPAA compliant logo too.

personal information encryption in online forms
Our encryption tool helps you protect sensitive information.
Since electronic transmission of PII/PHI requires encryption, all data fields you create in your form are encrypted by default. HIPAA compliant EmailMeForm allows you to automatically add encrypted fields to reduce the risk of “forgot to encrypt” instances. Don’t worry though, full control of your form is still in your hands. The encryption of each field is your decision anyway!

Bottom line: Businesses MUST ALWAYS conduct a risk analysis. As early as possible, outline safeguards to maintain the privacy of personal information.

Learn more about how EmailMeForm’s HIPAA Compliance protects health information. You can contact us for more information.

secure personal data with online forms
Author Jennifer Poblete

Jennifer Poblete

Jennifer is an electronics engineer who loves writing as much as she loves numbers. She enjoys eating and a slice of pizza makes her happy.

Actionable data insights create new revenue opportunities, increase efficiency, and cut costs, but many executives still operate on gut instinct.
Data & Your Business

Creating business value from big data

Data & Your Business

GDPR Explained: the Basics

Demand for cybersecurity professionals rises as the industry fails to keep up with growing risk.
Data & Your Business

Cybersecurity Workforce Shortage

As education transitioned into the digital age, schools have an increased responsibility to safeguard their students’ data.
Data & Your Business

Schools’ digital responsibility to ensure student data privacy



More blog posts