Awareness article
What Is ePHI?
A plain-language explanation of electronic protected health information and which systems, files, and workflows turn PHI into ePHI.
Short answer
ePHI is PHI that is created, received, maintained, or transmitted in electronic form. If patient-linked information moves through software, cloud storage, spreadsheets, email, or messaging tools, it is usually ePHI.
ePHI is PHI in electronic form. If patient-linked information is created, received, stored, or transmitted through software, cloud storage, spreadsheets, email, or messaging, it is usually ePHI.
What makes PHI become ePHI?
PHI becomes ePHI when it is handled electronically. That includes:
- EHR data
- cloud drive files
- spreadsheet trackers
- patient-linked emails
- task systems and notifications
- exported reports and backups
Why ePHI matters operationally
Once the information is ePHI, the Security Rule stops being abstract. Access control, auditability, encryption, retention, and vendor selection all become practical decisions about the actual systems your team uses.
Related pages
Use PHI Fundamentals for the full definition cluster, Google Drive if the question is file storage, and /security if the issue is technical safeguards.
PHI Fundamentals
Core PHI and ePHI definitions, identifiers, edge cases, and data-classification concepts healthcare teams need before tool selection.
HIPAA and Wearable Devices: When Fitbit and Apple Watch Data Is PHI
HIPAA and wearable devices: when Fitbit, Apple Watch, and Garmin data becomes PHI, what BAA obligations arise, and how FTC rules cover gaps HIPAA doesn't.
Building a HIPAA-Compliant AI Use Policy for Your Clinic
How to build a HIPAA-compliant AI use policy for your clinic: approved tools, BAA requirements, prohibited inputs, staff training, and OCR's guidance on AI.
Sources