What are ePHI and PHI?

Electronic protected health information, or ePHI, is defined under HIPAA as any protected health information that is created, stored, transmitted, or received in electronic form.

HIPAA enumerates 18 specific identifiers that make health information ePHI:

  1. Telephone number
  2. Fax number
  3. Email address
  4. Social Security number
  5. Medical record number
  6. Health plan beneficiary number
  7. Account number
  8. Certificate/license number
  9. Name
  10. Address
  11. Any dates more specific than a year
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voiceprints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics, or codes

Protected health information, or PHI, is defined under U.S. law as any private information about an individual's healthcare plans, health status, or payment for health care that is collected by a Covered Entity. Whether a given piece of information counts as ePHI or PHI depends on the context in which it is used, and in particular on the medium in which it is held.

Categorizing PHI and ePHI can be frustrating, but it is essential for HIPAA compliance. In short, ePHI is simply PHI that is stored or transmitted electronically; PHI held in any non-electronic form remains PHI but is not ePHI. Hiring a legal professional to review the particular ways in which a company processes, stores, sends, or receives health information is a reliable way to confirm which information is ePHI and which is PHI.

If you are a Covered Entity or Business Associate dealing with ePHI or PHI, you MUST take action to protect your clients’ health information in order to be HIPAA compliant. Without HIPAA compliance you could be subject to large fines and penalties. HIPAA fines can be issued up to a maximum level of $25,000 per penalty and a minimum of $100 per penalty.

NeoCertified not only protects all healthcare-related information both at rest and in transit but also allows recipients to reply securely for free, all while remaining HIPAA compliant. NeoCertified is the ONLY secure email service that provides free BAAs, 24/7 customer support for both paid users and their recipients, and military-grade encryption for your emails.