Electronic protected health information or ePHI is defined in HIPAA regulation as any protected health information (PHI) that is created, stored, transmitted, or received in any electronic format or media.
Some believe that only medical information is considered ePHI; however, that is not true.
HIPAA regulation states that ePHI includes any of 18 distinct demographics that can be used to identify a patient.
Common examples of ePHI include:
- Address (including street address, city, county, or zip code)
- Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
- Telephone number
- Fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Vehicle identifiers, serial numbers, or license plate numbers
- Device identifiers or serial numbers
- Web URLs
- IP address
- Biometric identifiers such as fingerprints or voice prints
- Full-face photos
- Any other unique identifying numbers, characteristics, or codes
Additionally, HIPAA sets standards for the storage and transmission of ePHI.
Media used to store data includes:
- Personal computers with internal hard drives used at work, home, or while traveling
- External portable hard drives
- Magnetic tape
- Removable storage devices, including USB drives, CDs, DVDs, and SD cards
- Smartphones and PDAs
Means of transmitting data via Wi-Fi, Ethernet, modem, DSL, or cable network connections include:
Confidentiality, Integrity, Availability of ePHI
The HIPAA Security Rule sets specific standards for the confidentiality, integrity, and availability of ePHI. HIPAA-beholden entities, including health care providers (covered entities) and health care vendors/IT providers (business associates), must implement an effective HIPAA compliance program that addresses these HIPAA security requirements. These can be broken down into:
- Confidentiality is maintaining that ePHI is not illegally disclosed without proper patient authorizations in place
- Integrity is ensuring that ePHI that is transferred or maintained by a health care organization will not be accessed except by appropriate and authorized parties
- Availability is allowing patients to access their ePHI in accordance with HIPAA security standards
Revion offers a uniquely designed, cloud-based, HIPAA-compliance-ready hosting platform. As a result, it is built to deliver performance, reliability, and security for those in the healthcare industry.
To talk to one of our HIPAA specialists, please click here: https://www.revion.com/company/contact/