What’s the difference between PHI and ePHI?

The terms PHI and ePHI are mentioned quite often on our blog. I’ve even wondered myself if I’m using the terms correctly.

This post will clarify the similarities and differences between protected health information and electronic protected health information.

HIPAA

As a recap, the Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information.

As we’ve previously discussed, HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.

A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.

Protected health information (PHI)

PHI stands for protected health information and refers to any information about an individual’s health or health care that can be used to identify the individual and that is held by a covered entity or business associate.

PHI isn’t just confined to medical records and test results. In fact, any information that can identify a patient and is used or disclosed during the course of care is considered PHI. Even if the information by itself doesn’t reveal a patient’s medical history, it is still considered PHI.

As a general guideline, any information that can reasonably be used to identify an individual and is used during the course of care is considered PHI.

Electronic protected health information (ePHI)

ePHI stands for electronic protected health information and refers to PHI that is stored or transmitted electronically (e.g. in a computer system, over a network).

In 2005, the HIPAA Security Rule went into effect. It should be noted that while the HIPAA Privacy Rule safeguards PHI, the Security Rule protects a subset of information covered by the Privacy Rule.

In a nutshell, the HIPAA Security Rule applies to all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form, or ePHI.

It should be noted the HIPAA Security Rule does not apply to PHI transmitted orally or in writing.

See also: How to properly dispose of electronic PHI under HIPAA

Conclusion: what’s the difference between PHI and ePHI?

In a nutshell, ePHI is a subset of PHI that specifically refers to electronic forms of protected health information.

In addition, the HIPAA Privacy Rule applies to the safeguarding of PHI, while the HIPAA Security Rule applies solely to the protection of ePHI.

One last note: protected health information transmitted via email is technically ePHI, although we interchange the terms PHI and ePHI quite often on this blog when discussing topics related to HIPAA compliant email.

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.
