Definition: EPHI is an acronym that relates mainly to maintaining private information in health care source documents. EPHI focuses upon assuring the privacy of identifiable information. The abbreviation, which stands for Electronic Protected Healthcare Information, is now in effect and associated with the newer HITECH Act. The law dictates that any organization that classified as a "covered entity" is responsible for complying with provisions of the security rule.
The regulations are extensive and accompanied with a substantial list of standards. Standards that are "Required" must have procedures in place to document that the requirements have been met. "Addressable" standards mean the covered entity has discretion to declare why the standard is unnecessary or can be met in a different way.
Its Relevance: Any company that finds itself classified as a "covered entity" must comply with the provisions of the law. An organization that is out-of-compliance may be fined or new, face stiffer penalties. A covered entity must now pay strong attention to Electronic Protected Healthcare Information and matters related to the HITECH Act. Many organizations that are responsible to implemented advanced security controls have failed to do so.