Trying to understand the nuances of the Health Insurance Portability and Accountability Act (HIPAA) can be confusing. With so many different terms and subtle differences between them, it's difficult for many doctors and covered entities to remain compliant. That's why we're going to reveal a quick reference guide to HIPAA's commonly used terms today.

Protected Health Information

One of the terms that's frequently used in the context of HIPAA and covered entities is Protected Health Information (PHI). Covered entities must familiarize themselves with PHI, as HIPAA's rules govern its use, storage and transmission. According to the Department of Health and Human Services (HHS), PHI is any individually identifiable health information that is either transmitted by electronic media, maintained by electronic media, or transmitted or maintained by any other form or medium (e.g. paper and oral communication).

Electronic Protected Health Information

Electronic Protected Health Information (EPHI) differs from its PHI counterpart in the sense that it's strictly digital and not in paper or oral format. This may include patient files stored on a computer, video files, photos, etc. If the health information contains individually identifiable elements and it's being stored in digital format, then it's classified as EPHI.

Business Associates

The HHS views anyone who has access to PHI – both physical and digital – as a business associate. This includes third-party organizations that provide billing support, IT support, payment, security, and more. Covered entities should identify any and all business associates with whom they do business.

Business Associates Agreement

This document outlines the type of information business associates have access to, as well as how the information will be used. A business associates agreement must also include measures taken by the business associate to safeguard the covered entity's data from unauthorized use or access.

Privacy Rule

Arguably the single most important element of HIPAA, the Privacy Rule addresses the storage, access, and transmission of personally identifiable information, as well as the rights of patients and their privacy.

Security Rule

Another major HIPAA “Rule,” the Security Rule establishes security standards that are designed to prevent unauthorized access and use of EPHI. It's important to note that the HIPAA Security Rule only affects Electronic Protected Health Information. It does not affect paper PHI. The Security Rule includes physical, technical and administrative safeguards that covered entities must implement.
