The HIPAA Privacy Rule protects “individually identifiable health information,” and such information that the
Privacy Rule protects is termed Protected Health Information (PHI). Individually identifiable health information is information that relates to an individual’s health, health care, or health-care payments, created or held by a Covered Entity that is identifiable, whether directly or indirectly.
Individually identifiable health information is defined in 45 CFR 160.103.