PHI (Protected Health Information)
PHI, or Protected Health Information, refers to any individually identifiable health data created, received, stored, or transmitted by a healthcare provider, health plan, or business associate. Under the Health Insurance Portability and Accountability Act (HIPAA), PHI must be handled in accordance with strict privacy and security regulations to protect patient confidentiality.
PHI can appear in many forms - written, spoken, faxed, or digital - and includes any information that relates to:
An individual’s health condition (past, present, or future)
The provision of healthcare
Payment for healthcare services
What Does PHI Include?
PHI may include a wide range of identifiable personal and health-related data, such as:
Full name
Date of birth
Phone number or email address
Medical record number
Health insurance policy number
Appointment times or medical procedures
Lab results, imaging, and prescriptions
Any other data that can be linked to a specific person
When this information is transmitted or stored electronically, it’s referred to as electronic PHI (ePHI).
Who Must Protect PHI?
Under HIPAA, PHI must be protected by two main types of entities:
HIPAA Covered Entities: Healthcare providers, health plans, and healthcare clearinghouses.
Business Associates: Third-party service providers that handle PHI on behalf of covered entities.
Business associates may include fax service providers, SMS platforms, cloud storage services, or IT vendors.
Notifyre acts as a HIPAA-compliant business associate, enabling healthcare organizations to send and receive PHI securely through SMS messaging and online fax. As part of this relationship, Notifyre offers the ability to sign a Business Associate Agreement (BAA), ensuring both parties meet their regulatory obligations.
When is PHI Used?
PHI is routinely transmitted during everyday healthcare workflows, such as:
Faxing a specialist referral or diagnostic result
Sending a patient an SMS appointment reminder
Delivering health screening results to a patient
Notifying staff about urgent medical updates or schedule changes
Sending claims or billing information for insurance processing
Why is Protecting PHI Important?
Failure to secure PHI can lead to:
Data breaches and patient privacy violations
Regulatory fines and penalties
Reputational damage to healthcare providers
Disruption in patient care and communication
Secure, compliant communication tools help healthcare organizations meet their legal obligations while maintaining the trust of their patients.
How Notifyre Supports PHI Compliance
Notifyre is designed to help organizations meet their compliance requirements when transmitting PHI through fax and SMS. Key features include:
HIPAA-Compliant SMS and Fax Services
Encryption
ISO 27001 Certification for information security management
Access Controls & Audit Trails to track all activity
10DLC Compliance for trusted SMS delivery in the U.S.
Best Practices for Communicating PHI
To maintain compliance when sharing PHI:
Share the minimum necessary information
Use personalization tags to tailor content while keeping it relevant
Clearly identify the sender and purpose of the message
Use secure fax or SMS rather than unsecured email
Offer opt-out instructions when applicable (e.g., for non-operational SMS)
Ensure two-way replies are monitored, especially for critical patient interactions
Notifyre’s built-in message templates, bulk contact management, and delivery tracking make it easier for organizations to maintain these best practices at scale.
