Protected Health Information (PHI)

Individually identifiable health data covered by HIPAA - a high-sensitivity subset of PII that AI systems must detect and guard.

Protected Health Information (PHI) is individually identifiable health information - diagnoses, treatment, payment records, and the identifiers attached to them - protected under HIPAA. It is among the most sensitive data an organization holds, and mishandling it carries both regulatory penalty and real harm to patients.

Because PHI can enter an AI system through a prompt, a retrieval, or a tool result, protecting it means catching it on the data path: detecting health identifiers at the boundary and redacting or blocking them per policy before anything leaves the covered environment, with a hash-chained record of each decision. It is PII with a stricter legal regime, and the same runtime enforcement applies with a lower tolerance for error.

All terms

Govern AI like infrastructure.

Talk to our team about deploying DataStrict across your enterprise stack.