What is "protected health information" (PHI) and "electronic protected health information" (ePHI) under HIPAA?

Under the HIPAA Privacy Rule, protected health information (PHI) refers to individually identifiable health information.  Individually identifiable health information is that which can be linked to a particular person.  Specifically, this information can relate to:

The individual's past, present, or future physical or mental health or condition,
The provision of health care to the individual, or
The past, present, or future payment for the provision of health care to the individual.

Common identifiers of health information include names, social security numbers, addresses, and birth dates.

The HIPAA Security Rule applies to individually identifiable health information in electronic form, known as electronic protected health information (ePHI).  It is intended to protect the confidentiality, integrity, and availability of ePHI when it is stored, maintained, or transmitted.