What's the difference between PII and PHI?

Personally Identifiable Information (PII) is a broader version of Protected Health Information, (PHI).

PII is any data that could potentially identify a specific individual; PHI is any information about health status, provision of health care, or payment for health care that is collected by a “Covered Entity” and can be linked to a specific individual.

Use of PII and PHI in Florence eBinder Suite™

PII: While using our products, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your name (“Personal Information”) and email address.

PHI: In maintaining, using, and affording access to protected health information as such term is defined under §160.103 of HIPAA in accordance Florence Healthcare will:

  • Not use or disclose protected health information except as permitted or required by the customer or as required by law;
  • Use appropriate safeguards and comply, where applicable, with the Security Rule with respect to electronic protected health information, and to prevent the use or disclosure of such information other than as provided for here;
  • Report to you any use or disclosure of such information not provided for as described here of which we become aware, including breaches of unsecured protected health information as required by §164.410 of HIPAA, and any security incident involving the information of which we become aware;
  • In accordance with §§164.502(e)(1)(ii) and 164.308(b)(2) of HIPAA, as applicable, ensure that any subcontractors that create, receive, maintain or transmit Protected Health Information on our behalf agree to the same restrictions, conditions, and requirements that apply to us with respect to such information; and we obtain satisfactory assurances that such subcontractors will appropriately safeguard such information (it being understood, for the avoidance of doubt, that other users of the Services are not our subcontractors);
  • Make available Protected Health Information to you as necessary to satisfy your obligations under §164.524 of the Privacy Rule;
  • Make available Protected Health Information for amendment and incorporate any amendments to Protected Health Information in accordance with §164.526 of the Privacy Rule;
  • Maintain and make available such information required to provide an accounting of disclosures in accordance with §164.528 of the Privacy Rule;
  • To the extent that we are to carry out your obligations under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to you in the performance of such obligations;
  • Make our internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by us on your behalf, available to the Secretary of the United States Department of Health and Human Services for purposes of determining your compliance with the Privacy Rule.
  • Use protected health information to provide data aggregation services as permitted by 45 CFR 164.504(e)(2)(i)(B).
  • Use protected health information for the proper management and administration of our business or to carry out our legal responsibilities.
  • Agree to mitigate to the extent practicable, any harmful effect that is known to us from the use or disclosure of protected health information in a manner contrary to the obligations under HIPAA.
  • Return or destroy all protected health information created by and received from you at the termination of any agreements between us.
Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk