HIPAA defines protected health information (PHI) as individually identifiable health information held or disclosed by a covered entity. PHI is widely inclusive. It can include a patient’s name, Social Security number or medical record number; specific dates such as birth, admission, discharge or death; or any other information that may be used to identify a patient. This may include information about past, present or future physical or mental conditions, the provision of health care to an individual, or the past, present or future payment for the provision of health care. Simply removing the patient’s name is not enough to protect the information, and “de-identification” is an onerous task that most physician practices will not undertake.