
ePHI

HIPAA

PHI in electronic form — the scope of the HIPAA Security Rule (45 CFR §164.302–318).

Electronic Protected Health Information (ePHI) is PHI maintained or transmitted electronically. It is the exclusive scope of the HIPAA Security Rule, which mandates administrative, physical, and technical safeguards.

Why it matters
Most modern healthcare data is ePHI by default. Misclassifying logs, audit trails, or analytics data as ‘not ePHI’ is the most common Security Rule gap.

Related terms

PHI (Protected Health Information)
Individually identifiable health information held or transmitted by a HIPAA covered entity or business associate.
HIPAA
US law protecting PHI; Privacy, Security, and Breach Notification Rules apply to covered entities and business associates.
