Definitions
Protected Health Information (PHI) is a term defined within the Health Insurance Portability and Accountability Act (HIPAA). HIPAA compliance is required of covered entities, including health care providers. PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed while providing a health care service, such as a diagnosis or treatment. PHI includes photographs and videos of the patient, even if the patient asked for the photo/video to be made or consented to it being made. It is best to return such photos to the patient, if no other patients are in the photos.
Personally Identifiable Information (PII), under FERPA, is any information, directory and nondirectory, that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty. This may include the student’s name, names of parents or family members, the address of the student or student’s family; a personal identifier such as the student’s social security, UFID number, or biometric record, information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates, a list of personal characteristics, or any other information that clearly distinguishes the student’s identity.