What is "protected health information" (PHI) and "electronic protected health information" (ePHI) under HIPAA?

Health IT Adoption Toolbox

What is "protected health information" (PHI) and "electronic protected health information" (ePHI) under HIPAA?

Under the HIPAA Privacy Rule, protected health information (PHI) refers to individually identifiable health information. Individually identifiable health information is that which can be linked to a particular person. Specifically, this information can relate to:

The individual's past, present or future physical or mental health or condition,
The provision of health care to the individual, or,
The past, present, or future payment for the provision of health care to the individual.

Common identifiers of health information include names, social security numbers, addresses, and birth dates.

The HIPAA Security Rule applies to individual identifiable health information in electronic form or electronic protected health information (ePHI). It is intended to protect the confidentiality, integrity, and availability of ePHI when it is stored, maintained, or transmitted.

Resources:
Summary of the HIPAA Privacy Rule: What Information is Protected - Developed by the Office for Civil Rights at the U.S. Department of Health and Human Services (2003), this site provides a summary of the HIPAA Privacy Rule.

What Health Information Is Protected by the Privacy Rule? - Developed by the National Institutes of Health, this website health information protected under the HIPAA Privacy Rule.

Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.

About

Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care. More>

Stay Informed

Comments?
E-mail the HealthIT e-mail box: healthit@hrsa.gov