00:07
Adam Stofsky
Okay, let me ask you. I know this is a little bit of a complex question, but at a basic level, under HIPAA and sort of relevant privacy laws, what is personal health information? 

00:20
Thora Johnson
That's great. So, first of all, the terminology is going to be protected health information under HIPAA, and it's generally past, present, or future information regarding physical and mental health condition, information about treatment, and information about payment for healthcare condition treatment payment? 

00:45
Adam Stofsky
Yes. What makes it into something special? Like what makes it legally phi? 

00:53
Thora Johnson
It has to be in the hands of a covered entity or a business associate. So it takes you back to the It's very definitional. So you're looking for individually identifiable health information in the hands of a healthcare provider that's billing electronically for their services, or you're looking for a health plan, a health insurance company that has that information. And again, just a special note, it is considered phi, even if it is mere demographic information that's tied to a covered entity. So, again, a patient list is phi, even if it's divorced of diagnoses or payment information. Oh. 

01:32
Adam Stofsky
So it's almost like the mere fact that someone went to the doctor that's a list of patients in the hands of a doctor. That's kind of like a kind of health information that makes sense, right? 

01:41
Thora Johnson
You want your contact information in the hands of your provider being used for treatment, payment, or healthcare operations. Otherwise, you really do expect your provider to come to you and ask for your consent to use your information in any other way.