The Health Insurance Portability and Accountability Act (HIPAA) Security Rule identifies protected health information (PHI) and sets rules for the security and privacy of this information. This also includes any electronic health information (e-PHI). The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of PHI. PHI includes:


  • Past, present, or future mental or physical health, or billing information
  • Information that can be connected to an individual by one of 18 identifiers
  • All forms: oral, written, and electronic
  • Employment and education records are excluded