PHI (Protected Health Information)
PHI, or Protected Health Information, refers to any individually identifiable health data created, received, stored, or transmitted by a healthcare provider, health plan, or business associate. Under Australian privacy laws, PHI must be handled in accordance with strict privacy and security regulations to protect patient confidentiality.
PHI can appear in many forms - written, spoken, faxed, or digital - and includes any information that relates to:
An individual’s health condition (past, present, or future)
The provision of healthcare
Payment for healthcare services
What Does PHI Include?
PHI may include a wide range of identifiable personal and health-related data, such as:
Full name
Date of birth
Phone number or email address
Medical record number
Health insurance policy number
Appointment times or medical procedures
Lab results, imaging, and prescriptions
Any other data that can be linked to a specific person
When this information is transmitted or stored electronically, it’s referred to as ePHI.
Who Must Protect PHI?
Under the Privacy Act 1988, health information is classified as sensitive information and must be protected by:
APP Entities: This includes most Australian Government agencies and private sector organisations with an annual turnover above $3 million, as well as some smaller businesses that handle health information.
Third-party Service Providers: Businesses engaged by APP entities to store, process, or transmit health information, such as fax service providers, SMS platforms, cloud storage services, or IT vendors.
Notifyre enables healthcare organisations and other regulated entities to send and receive health information securely via SMS messaging and online fax. Notifyre adheres to the Australian Privacy Principles (APPs) and implements robust security safeguards to help organisations meet their privacy obligations under the Privacy Act 1988.
When is PHI Used?
PHI is routinely transmitted during everyday healthcare workflows, such as:
Faxing a specialist referral or diagnostic result
Sending a patient an SMS appointment reminder
Delivering health screening results to a patient
Notifying staff about urgent medical updates or schedule changes
Sending claims or billing information for insurance processing
Why is Protecting PHI Important?
Failure to secure PHI can lead to:
Data breaches and patient privacy violations
Regulatory fines and penalties
Reputational damage to healthcare providers
Disruption in patient care and communication
Secure, compliant communication tools help healthcare organisations meet their legal obligations while maintaining the trust of their patients.
How Notifyre Supports PHI Compliance
Notifyre is designed to help organisations meet their compliance requirements when transmitting PHI through fax and SMS. Key features include:
SMS and fax service compliant with Australian privacy laws
Encryption
ISO 27001 Certification for information security management
Access Controls & Audit Trails to track all activity
Best Practices for Communicating PHI
To maintain compliance when sharing PHI:
Share the minimum necessary information
Use personalisation tags to tailor content while keeping it relevant
Clearly identify the sender and purpose of the message
Use secure fax or SMS rather than unsecured email
Offer opt-out instructions when applicable (e.g., for non-operational SMS)
Ensure two-way replies are monitored, especially for critical patient interactions
Notifyre’s built-in message templates, bulk contact management, and delivery tracking make it easier for organisations to maintain these best practices at scale.