HIPAA Electronic Protected Health Information (ePHI)
You might be wondering, what’s the electronic protected health information definition? Electronic protected health information or ePHI is defined in HIPAA regulation as any protected health information (PHI) that is created, stored, transmitted, or received in any electronic format or media.
HIPAA regulation states that ePHI includes any of 18 distinct demographics that can be used to identify a patient. Common examples of ePHI include:
- Name
- Address (including subdivisions smaller than state such as street address, city, county, or zip code)
- Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
- Telephone number
- Fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Vehicle identifiers, serial numbers, or license plate numbers
- Device identifiers or serial numbers
- Web URLs
- IP address
- Biometric identifiers such as fingerprints or voice prints
- Full-face photos
- Any other unique identifying numbers, characteristics, or codes
Additionally, HIPAA sets standards for the storage and transmission of ePHI.
Media used to store data includes:
- Personal computers with internal hard drives used at work, home, or while traveling
- External portable hard drives
- Magnetic tape
- Removable storage devices, including USB drives, CDs, DVDs, and SD cards
- Smartphones and PDAs
Means of transmitting data via wi-fi, Ethernet, modem, DSL, or cable network connections includes:
- File transfers
Confidentiality, Integrity, Availability of ePHI
The HIPAA Security Rule sets specific standards for the confidentiality, integrity, and availability of ePHI. HIPAA beholden entities including health care providers (covered entities) and health care vendors/IT providers (business associates) must implement an effective HIPAA compliance program that addresses these HIPAA security requirements. Confidentiality, integrity, and availability can be broken down into:
- Confidentiality is maintaining that ePHI is not illegally disclosed without proper patient authorizations in place
- Integrity is ensuring that ePHI that is transferred or maintained by a health care organization will not be accessed except by appropriate and authorized parties
- Availability is allowing patients to access their ePHI in accordance with HIPAA security standards
About Compliancy Group
At Compliancy Group, we understand the importance of protecting electronic protected health information (ePHI) in accordance with HIPAA regulations. Our company provides comprehensive solutions to ensure that your organization is fully compliant with HIPAA regulations and able to safeguard ePHI. We offer a user-friendly compliance platform that guides you through the entire compliance process, from risk assessments to employee training and documentation. Our team of compliance coaches are always available to answer any questions and provide support. With our help, you can have peace of mind knowing that your organization is fully compliant with HIPAA regulations and protecting ePHI.
