Inferensys

Glossary

Protected Health Information (PHI)

Any individually identifiable health information held by a covered entity, including demographic data, medical history, and test results, which is protected under the HIPAA Privacy Rule and must be de-identified before use in AI model training.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
HIPAA PRIVACY RULE

What is Protected Health Information (PHI)?

A precise definition of the 18 identifiers that legally define Protected Health Information under U.S. federal law and the technical implications for AI model training.

Protected Health Information (PHI) is any individually identifiable health information held or transmitted by a covered entity or its business associates, encompassing demographic data, medical history, test results, and payment records that relate to an individual's past, present, or future physical or mental health condition. Under the HIPAA Privacy Rule, this data is legally protected and cannot be used for AI model training unless explicit patient authorization is obtained or the data is fully de-identified through the Safe Harbor or Expert Determination methods.

In machine learning pipelines, PHI extends beyond obvious clinical data to include 18 specific identifiers such as IP addresses, biometric templates, and full-face photographic images. To safely utilize clinical corpora for tasks like domain-adaptive pretraining, engineers must implement automated de-identification pipelines that detect and redact these identifiers, transforming the dataset into a non-regulated format that retains clinical semantics without exposing the individual's identity.

HIPAA COMPLIANCE

Frequently Asked Questions

Clear, technically precise answers to the most common questions about Protected Health Information and its implications for AI model training and deployment.

Protected Health Information (PHI) is any individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or medium, that relates to an individual's past, present, or future physical or mental health condition, the provision of healthcare, or payment for healthcare. The HIPAA Privacy Rule defines 18 specific identifiers that must be removed for data to be considered de-identified, including names, dates (except year), telephone numbers, medical record numbers, and full-face photographs. PHI exists in both structured fields and unstructured clinical narratives, making its detection in free-text notes a critical challenge for healthcare AI pipelines.

HIPAA PRIVACY RULE

Core Characteristics of PHI

Protected Health Information (PHI) is defined by specific data elements that can reasonably identify an individual. Understanding these 18 identifiers is critical for de-identification and compliance.

01

The 18 HIPAA Identifiers

The HIPAA Safe Harbor method requires the removal of 18 specific identifiers before data is considered de-identified. These include direct identifiers like names and Social Security numbers, and quasi-identifiers like dates of service and ZIP codes. Any subset of these data elements held by a covered entity constitutes PHI.

18
Safe Harbor Identifiers
02

The 'Relates To' Standard

Data becomes PHI not just by containing an identifier, but by relating to an individual's health condition, provision of healthcare, or payment for healthcare. A de-identified dataset that still contains a unique medical case history could be re-identifiable if it allows someone to deduce the individual's identity through specific clinical events.

3
Core Criteria
03

Covered Entities & Business Associates

PHI is specifically regulated when held by Covered Entities (providers, health plans, clearinghouses) and their Business Associates. The same data point—like a heart rate—is PHI in a hospital's EHR but may not be regulated PHI if recorded by a consumer smartwatch app not acting on behalf of a covered entity.

2
Entity Classes
04

De-identification: Expert Determination

An alternative to Safe Harbor, Expert Determination requires a qualified statistician to apply statistical or scientific principles to render the risk of re-identification very small. This method allows for retaining more data utility, such as precise dates or full ZIP codes, if the expert formally documents and justifies the acceptable risk threshold.

Very Small
Risk Threshold
05

Limited Data Sets

A Limited Data Set (LDS) is a middle ground where direct identifiers are removed, but key quasi-identifiers like dates of admission and city/state can be retained. This PHI is used for research and public health activities without full patient authorization, provided the recipient signs a Data Use Agreement (DUA) governing its use.

DUA
Required Agreement
06

Genomic Data as PHI

Under modern interpretations, raw genomic sequence data is considered PHI because it is inherently identifiable. Unlike a name or date, a genetic sequence cannot be anonymized; it is the ultimate biometric identifier. Storing or processing human genomic data for AI model training requires the same rigorous HIPAA safeguards as a medical record number.

100%
Inherently Identifiable
HIPAA COMPLIANCE MECHANISM

The De-identification Safe Harbor Method

A definitive regulatory standard for rendering Protected Health Information (PHI) non-identifiable by removing 18 specific identifiers, thereby exempting the data from HIPAA Privacy Rule restrictions.

The Safe Harbor method is a precise de-identification mechanism defined by the HIPAA Privacy Rule. To achieve de-identification, a covered entity must remove 18 specific identifiers from the data record, including names, geographic subdivisions smaller than a state, all elements of dates directly related to an individual, telephone numbers, and full-face photographic images. The entity must also have no actual knowledge that the remaining information could be used alone or in combination to identify the subject.

This method provides a definitive compliance pathway, creating data that is no longer considered Protected Health Information (PHI) and is exempt from the Privacy Rule. The 18 identifiers encompass direct identifiers like Social Security numbers and medical record numbers, as well as quasi-identifiers such as ZIP codes (retaining only the first three digits if the population is >20,000). Once properly executed, the resulting de-identified dataset can be used for secondary purposes, including training clinical language models, without patient authorization.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.