Electronic Protected Health Information, or ePHI, is defined in the HIPAA regulations (45 CFR 160.103) as any protected health information that is created, stored, transmitted, or received in electronic form. For healthcare providers or any HIPAA-covered entity to be fully HIPAA compliant.
Under U.S. law, protected health information, or PHI, is individually identifiable health information about a person's health status, the health care provided to them, or payment for that care, created or received by a Covered Entity or its Business Associate. Whether a given record is PHI or ePHI depends only on the medium: ePHI is PHI that is stored or transmitted electronically, and it is subject to the same privacy requirements plus the Security Rule. HIPAA's Safe Harbor de-identification standard (45 CFR 164.514(b)(2)) lists 18 identifiers; health information that carries any of them is considered identifiable, and all 18 must be removed before the data is treated as de-identified.
The 18 Identifiers that are Considered Identifiable Health Information
- Names
- Geographic subdivisions smaller than a state (street address, city, county, precinct, and ZIP code, with limited exceptions for the first three ZIP digits)
- Telephone number
- Fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- All elements of dates (except year) directly related to an individual, such as birth, admission, discharge, or death dates, and all ages over 89
- Vehicle identifiers, serial numbers, or license plate numbers
- Device identifiers or serial numbers
- Web URLs
- IP address
- Biometric identifiers such as fingerprints or voiceprints
- Full-face photos and any comparable images
- Any other unique identifying numbers, characteristics, or codes
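Many of the identifiers above have a recognisable syntax, which is why data-loss-prevention tools scan outbound email and exports for them before the message leaves the organisation. The following is an added example, not code from the original article or from any vendor named on this page: a small Python scanner that finds the pattern-bearing Safe Harbor identifiers in free text, redacts them, and reports whether a note is clean. The clinical note is constructed sample data, the "MRN" prefix convention for medical record numbers is an assumption, and the regexes are deliberately conservative (a bare year is allowed under Safe Harbor, so it is not flagged). Names, street addresses, ZIP codes, photos, and biometrics have no fixed syntax and need other methods (dictionaries, named-entity recognition, file-type checks), so this scan is a necessary check, not a sufficient one.

```python
import re

# Safe Harbor identifiers that can be recognised by pattern alone.
# Dictionary order matters for redact(): URLs are handled before the
# email and IP patterns so a URL is replaced as one unit.
SAFE_HARBOR_PATTERNS = {
    "url": re.compile(r"https?://[^\s,;)]+", re.IGNORECASE),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # Lookarounds instead of \b so "(303) 555-0123" matches at the "(".
    "phone_or_fax": re.compile(r"(?<!\d)(?:\+1[ -]?)?\(?\d{3}\)?[ -]?\d{3}-\d{4}(?!\d)"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # Month/day/year only. A year on its own is permitted under Safe Harbor.
    "date": re.compile(r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/\d{4}\b"),
    # Assumed local convention: medical record numbers appear as "MRN" + 6-10 digits.
    "mrn": re.compile(r"\bMRN\s*[:#]?\s*\d{6,10}\b", re.IGNORECASE),
    # Ages over 89 must be aggregated into a single "90 or older" category.
    "age_over_89": re.compile(
        r"\b(?:9\d|[1-9]\d{2})[- ]year[- ]old\b|\baged?:?\s+(?:9\d|[1-9]\d{2})\b",
        re.IGNORECASE,
    ),
}


def find_identifiers(text):
    """Return (offset, category, matched_text) tuples sorted by position."""
    hits = []
    for category, pattern in SAFE_HARBOR_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((match.start(), category, match.group(0)))
    return sorted(hits)


def redact(text):
    """Replace each recognised identifier with a [CATEGORY] placeholder."""
    for category, pattern in SAFE_HARBOR_PATTERNS.items():
        text = pattern.sub("[%s]" % category.upper(), text)
    return text


def passes_pattern_checks(text):
    """True when none of the pattern-detectable identifiers are present.

    This does not cover names, addresses, photos or biometrics, so a True
    result means "no syntactic identifiers found", not "de-identified".
    """
    return not find_identifiers(text)


# Constructed sample note; every identifier in it is fictitious.
SAMPLE_NOTE = (
    "Pt seen 03/14/2021, 94-year-old, MRN: 00482917. "
    "Callback (303) 555-0123, fax 303-555-0199, email j.doe@example.com. "
    "Portal https://portal.example.org/visit/88213 accessed from 198.51.100.23. "
    "SSN on file 123-45-6789. Follow-up in 2021."
)

if __name__ == "__main__":
    for offset, category, value in find_identifiers(SAMPLE_NOTE):
        print("%4d %-13s %s" % (offset, category, value))
    print(redact(SAMPLE_NOTE))
    print("clean:", passes_pattern_checks(SAMPLE_NOTE))
```

Run against the sample note, the scanner reports nine hits across eight categories (two phone/fax numbers), the redacted text keeps the bare year in "Follow-up in 2021", and the clean check fails. In a real deployment the scan would sit in the mail gateway or export pipeline and block or quarantine rather than print.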
The HIPAA Security Rule and ePHI
The Department of Health and Human Services (HHS) Security Rule requires covered entities and their business associates to implement safeguards that protect the confidentiality, integrity, and availability of ePHI. The Security Rule groups these safeguards into three categories:
1. Technical Safeguards
Technology and the policies for using it to protect systems that store or transmit ePHI: access control, audit logging, integrity controls, user authentication, and transmission security, implemented with measures such as encryption, firewalls, and unique user accounts. Sending email that contains ePHI in a HIPAA compliant way (encrypted in transit, readable only by the intended recipient) falls under this category.
2. Physical Safeguards
Physical access controls for facilities, workstations, and media: locking and guarding the rooms where paper records and servers are kept, restricting who can reach workstations that display ePHI, and tracking, wiping, or destroying hard drives and other devices that hold ePHI when they are moved, reused, or retired.
3. Administrative Safeguards
Administrative safeguards cover the policies, procedures, and people involved in handling PHI: performing a risk analysis, assigning responsibility for security, limiting workforce access to the minimum necessary, training employees to handle PHI properly, and maintaining sanction, incident-response, and contingency procedures.
How Can NeoCertified Help You Stay HIPAA Compliant?
If you are a Covered Entity or Business Associate dealing with ePHI or PHI, you MUST take action to protect your clients' health information to be HIPAA compliant. Without HIPAA compliance, you could be subject to significant fines and penalties. Civil penalties are tiered by level of culpability: they start at $100 per violation for unknowing violations and rise to $50,000 per violation for wilful neglect, with annual caps per violated provision that reach $1.5 million (figures before inflation adjustment).
NeoCertified protects all healthcare-related information in both storage and transit and allows recipients to reply securely for free while remaining HIPAA compliant. NeoCertified is the ONLY HIPAA compliant secure email service that provides free BAAs, 24/7 customer support access for paid users and recipients, and military-grade encryption for your emails.