PHI (Protected Health Information)

Protected Health Information (PHI) is any health or medical information that can be used to identify an individual patient, either directly (name, medical record number) or in combination with other data (date of birth, zip code, health conditions).

Examples of PHI

• Patient name, date of birth, Social Security number
• Insurance policy numbers and member IDs
• Medical diagnoses and medication lists
• Lab results and imaging reports
• Appointment records and visit notes
• Biometric data (voice recordings, genetic tests)

HIPAA PHI Rules

• De-identification: If all 18 direct and indirect identifiers are removed, data is no longer PHI and can be shared freely.
• Encryption: PHI in transit and at rest must be encrypted using strong ciphers (AES-256, TLS 1.2+).
• Access controls: Only authorized staff can access PHI; implement role-based access control.
• Audit logging: Track who accessed what PHI and when.

Voice Platforms and PHI

When an AI voice agent handles healthcare calls (appointment scheduling, test result delivery, patient intake), it inevitably processes PHI. The platform must:

• Sign a BAA with the healthcare provider.
• Encrypt all PHI (in voice recordings, transcripts, and CRM data).
• Never share PHI with third parties without explicit authorization.
• Maintain detailed audit logs of all PHI access.

Workforce Wave PHI Handling

Workforce Wave encrypts all PHI in voice calls, transcripts, and integrations. Call recordings are stored in encrypted vaults, access is logged, and data is deleted per HIPAA retention rules. Healthcare organizations can deploy with confidence.