Personally Identifiable Information (PII) and Protected Health Information (PHI)
Last Updated: January 14, 2025
PII is a fundamental aspect of an individual's privacy, and its protection is paramount. This document explains what PII is and why it’s important for us to protect Veteran PII.
What is PII?
PII is information connected to a specific individual that can be used either by itself (direct PII) or in combination with other information (indirect PII) to uncover that individual’s identity.
PHI
PHI is a subset of PII referring to healthcare-related information that is either detailed enough to enable identification of an individual, or that is used/maintained in a dataset with other information that together enables that identification. PHI isn’t limited to an individuals' personal health status. It encompasses all healthcare-related information, including details of a person’s treatment history and the financial records attached to their care and treatment.
Direct PII
Direct PII is information that uniquely identifies an individual. Examples of direct PII include the following:
Name
Social Security number (SSN) or Individual Taxpayer Identification Number (ITIN)
Driver’s license or passport number
Personal address, phone number, and email address
Biometric information such as fingerprints, retina scan, facial geometry, etc.
Integration Control Number (ICN)
Electronic Data Interchange Personal Identifier (EDIPI)
IP address
Any internal identifier that contains other identifiers, e.g., file numbers that start with SSNs
Indirect PII
Indirect PII is information that can identify an individual when combined with other information. Examples of indirect PII include the following:
Date of birth
Race or religion
Employment information
Medical information such as health vitals or conditions, services or treatments received, medications, or service payment information
Prescribed medication name, labs and tests for specific injuries or illnesses, AVS that specifies reason for visit, message content, specific appointment types, etc.
Education information
Financial information
PII aggregation
Because no single piece of indirect PII contains individual-specific data, it can be harder to spot. An easy way to avoid accidentally revealing indirect PII in our products is by ensuring that the information we include is not detailed enough to aggregate into PII.
The following comparisons illustrate the difference between information that is ambiguous enough to include without risk of it aggregating into PII and information that is too detailed to include without risk of it aggregating into PII:
“Blood pressure”
“Blood pressure 132/78”
“Upcoming appointment”
“Appointment with Cardiology”
“Medications”
“Amoxicillin 500mg”
“Message”
“Message from Cardiology triage group”
“Labs and tests”
“Pathology results”
When combined, the specificity of the items on the right make it easy to compile a profile of an individual receiving treatment, especially since an individual’s treatment plan is likely stored in a way that is linked to PII. This detailed information qualifies as PHI.
No matter how many items on the left are combined, the lack of detail prevents them from being linked to any specific person.
follow these instructions for removing PII from a video clip):
When in doubt, scrub it out. If you aren't sure whether or not something qualifies as PII, consider deleting it before socializing your product.
General
Participant's face
Name
Email address
Address (whole or part)
Home or office phone numbers
Fax numbers
SSN
Driver's license number
Age
Date and place of birth
Mother’s maiden name
Marital status
Race
General educational credentials
Digital
Biometric data, like fingerprints or facial recognition data
IP address
Military
Military Rank or Civilian Grade
Number of years of military service (combining the number of years with a rank can constitute PII)
Military service number (used until 1974)
Claim form (print or digital)
Financial
Employment information
Salary
Payment history
Financial account number
Medical (PHI)
Medical record
Treatment plans
Payment records
Name and address of health care provider
Diagnosis
Why protect PII?
The following are key considerations for protecting Veteran’s PII:
Identity theft prevention: PII is a prime target for identity thieves. If a person’s PII is compromised, it can lead to identity theft, financial fraud, and significant personal hardship. Protecting PII helps safeguard against such malicious activities.
Veterans' health and well-being: Veterans often rely on the healthcare system for their medical needs. Protecting their PII, especially medical records, is crucial to ensure they receive appropriate and confidential healthcare services without fear of unauthorized access or disclosure.
Military and service records: Veterans' service records contain critical information about their service history, benefits, and entitlements. Protecting this data is essential to ensure veterans receive the support and benefits they've earned through their service.
Trust and confidence: Protecting Veterans' PII is essential for maintaining their trust and confidence in the institutions and organizations that serve them, including government agencies and Veterans' support organizations.
Protecting PII and PHI is a critical consideration as we build more health-related features for Veterans.
For guidelines and restrictions on PII storage and processing, check out this page.
Help and feedback
Get help from the Platform Support Team in Slack.
Submit a feature idea to the Platform.