The healthcare field generates a lot of information that is very private. To address this issue, Congress passed what was originally known as the Kennedy-Kassebaum bill but was later changed to health insurance Portability and Accountability Act, or HIPAA. HIPAA was intended to help people carry their health insurance from one company to another, as well as to streamline the movement of medical records from one health care institution to another.
At the micro level, HIPAA covers “‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The privacy Rule calls this information protected health information”. Protected health information, or PHI, and electronic PHI, or ePHI is the heart of what HIPAA is intended to protect. An example of PHI would be fax containing, and an example of ePHI would be an electronic record on a computer that contains PHI. It should be noted that with the prevalence of computers in the healthcare field, ePHI is the most common form.
With this said, a covered entity or its business associate must protect against the misuse of both forms of PHI. This article