
Understanding HIPAA ePHI

HIPAA regulation identifies a national set of standards meant to protect the privacy and security of protected health information (PHI). When that PHI is maintained in an electronic or digital format, that’s called electronic protected health information (ePHI). In today’s increasingly digital age, it’s more important than ever before for behavioral health specialists to understand how to work with ePHI without violating federal HIPAA regulation.

What’s HIPAA ePHI?

Under HIPAA regulation, PHI is defined as any demographic information that can be used to identify a patient. The regulation identifies 18 key identifiers of demographic information that are considered PHI. Common examples of PHI include a patient’s name, date of birth, address, telephone number, medical record, insurance ID number, Social Security number, email address, and full facial photos, to name a few.
HIPAA ePHI is distinct from PHI because it must be a form of PHI that is stored, transferred, maintained, or accessed in an electronic format.
That means that ePHI is any PHI that is stored on a computer, hard drive, or in any kind of cloud storage system. Additionally, ePHI is any health care information that is sent or transmitted via an electronic exchange, such as email. And if PHI is accessed electronically on a computer, workstation, mobile device, or laptop, that is also considered ePHI.
Under HIPAA regulation, behavioral health professionals must implement appropriate safeguards to ensure that ePHI is kept secure. These include:

  • Physical safeguards: Any measures that can be taken to protect the physical security of your office or a location where ePHI is stored. This can include door locks, alarm systems, or locked server/device cabinets.
  • Technical safeguards: Any measures that can be taken to ensure the technical security of HIPAA ePHI. Examples include firewalls, device encryption, network encryption, email encryption, anti-malware, or any cybersecurity initiatives.
  • Administrative safeguards: Any measures that your practice can take to mitigate human error and establish administrative procedures for handling HIPAA ePHI. This includes employee training, HIPAA and cyber-security training, and HIPAA policies and procedures.

Because of the rise of EHR platforms and telehealth technologies that allow for remote treatment, ePHI is at greater risk than ever of serious data breaches if appropriate protections are not put in place. Protect your behavioral health practice from an ePHI breach with an effective HIPAA compliance program that addresses all elements of the regulation.

HIPAA Resources

Recent Webinar: Cyber-Attacks: Top 5 Things You Can Do Tomorrow Morning to Protect Your Practice

Recent Webinar: Social Media and HIPAA Compliance: Protecting Your Practice in the Digital Age

Visit our other On-Demand Webinars

If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure. Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!


Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing, technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.
