Slide 1
Your Trusted IT Support Partner Since 2003

We deliver reliable and affordable IT solutions for the Small Business Community.

What is ePHI?

What is ePHI?

what is ePHI?

ePHI, which stands for electronic Protected Health Information, refers to any individually identifiable health information that is created, stored, transmitted, or maintained electronically by a covered entity or its business associates. ePHI is protected under the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These rules mandate that covered entities and business associates implement appropriate safeguards to protect the privacy and security of ePHI.

In terms of an individual’s past, present, or future physical or mental health condition, the provision of healthcare to the individual, or the past, present, or future payment for healthcare services, ePHI encompasses a wide range of information fields. The data must have one or more of the following 18 identifiers in order to be considered identifiable electronically protected health information (ePHI):

  1. Names
  2. The world’s geographical regions devoid of states (e.g., street address, city, county, or ZIP code)
  3. Everything about a date – is directly connected to a specific person (excluding the calendar year). (e.g., birth date, admission date, discharge date, date of death)
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, such as fingerprints or voiceprints
  17. Full-face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code

Follow this link to know how unsecured third-party vendors can cause data breaches of ePHI.

If any of these identifiers are present in the health information and the information is stored or transmitted electronically, it is considered ePHI and must be protected in accordance with HIPAA regulations. De-identified health information, which has been stripped of all 18 identifiers, is not considered ePHI and is not subject to the same HIPAA requirements.


Call DP Tech Group for your business IT needs. 630-372-0100

Give us a call or fill out our contact form for a quote.

Scroll to Top