Under the Health Insurance Portability and Accountability Act (HIPAA), any data held by a covered entity or its business associate that identifies an individual and describes his or her health status, age, sex, ethnicity, or other demographical characteristics, whether or not that information is stored or transmitted electronically (see Box P-1). Additionally, PHI may include physician-patient interactions and conversations, physician-staff conversations, internal physician-physician conversations, external physician-physician conversations, staff-family communications, staff-staff conversations, physician dictation, and telephones in examination rooms. Sometimes erroneously referred to as private health information or personal health information.

Box P-1
Protected Health Information in a Medical Office

Intake forms
Laboratory work requests
Physician-patient conversations
Conversations that refer to patients by name
Physician dictation tapes
Telephone conversations with patients
Encounter sheets
Physician’s notes
Prescriptions
Insurance claim forms
X-rays
E-mail messages