What does the acronym ePHI stand for in HIPAA terminology?

• A. Electronic personal health information.
• B. Emergency protected health information.
• C. Electronic protected health information.
• D. Electronic health information for emergencies.

Answer: (C)

Electronic protected health information refers to PHI that exists electronically. In HIPAA terms, PHI is any individually identifiable health information held or transmitted in any form, and when that information is in electronic format it becomes ePHI. This distinction matters because the Privacy Rule and Security Rule specify safeguards specifically for electronic PHI, such as access controls, encryption, audit logs, and proper risk management. Examples include electronic health records, lab results stored in a digital system, and patient data sent via secure email or stored in cloud-based systems. The other phrases aren’t the standard terminology used in HIPAA, so they don’t represent the official acronym.