The HIPAA Privacy Rule applies to Protected Health Information (PHI), and the HIPAA Security Rule applies to Electronic Protected Health Information (EPHI). Employers may have other categories of employees' personal information that deserve protection.
The different terms used to describe personal information under HIPAA can be confusing. It is helpful to understand these key terms:
- Health Information is the broadest term. This refers to information that relates to an individual's medical condition, the provision of medical care, or payment for medical care.
- Individually Identifiable Health Information is Health Information that identifies the individual to whom it relates and is created or received by an employer or an entity covered by HIPAA.
- Protected Health Information is Individually Identifiable Health Information that is maintained or transmitted by a covered entity.
- Electronic Protected Health Information is Protected Health Information that is transmitted by or maintained in electronic media.
While the terminology may be specific, the concept holds that all health information should be treated carefully and appropriately. These definitions are useful in describing and affording protections to employees' health data.