Chapter 8: Medical Privacy

PHI and ePHI Defined

PHI is individually identifiable health information held by a covered entity or business associate relating to a person's health, care, or payment. ePHI is PHI in electronic media - paper, paper-to-paper faxes, and voice telephone calls are NOT electronic media.

PHI is any individually identifiable health information transmitted or maintained in any form; held by a covered entity or business associate; that identifies or could identify the individual; created or received by a covered entity or employer; and relating to a past, present, or future condition, care, or payment.

Key terms - quick answers

What is “PHI”?

Protected health information: individually identifiable health information held by a covered entity or business associate that identifies or could identify the individual and relates to their health, care, or payment.

What is “ePHI”?

Electronic protected health information; PHI transmitted or maintained in electronic media such as hard drives, tapes, disks, or memory cards.

← HIPAA Origins and Purpose Covered Entities Under HIPAA →