Dictionary of HIPAA Terms

Veriphyr proactively reports impermissible use of PHI the first time it happens.


Electronic Health Record (EHR): An EHR is just the digital version of that chart your doctor carries around on a clipboard: basic medical information and history. Broader EHR systems contain more in-depth information. The purpose of EHR systems is to share information more efficiently between healthcare providers: doctors, insurance companies, pharmacies, and school nurses all fall under this category (1).


Health and Human Services (HHS): One of the 16 Executive Departments of the U.S. Federal Government, tasked with ensuring the health and well-being of American citizens (2).


HIPAA Rule: Establishes national standards and requirements for “appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security” of individuals’ electronic protected health information (3).


National Health Information Sharing and Analysis Center (NH-ISAC): A community of Health Care and Public Health professionals whose goal is “to enable and preserve the public trust” by exchanging information on privacy and security risks and new technologies (4).


Office for Civil Rights (OCR): An office of the U.S. Department of Health and Human Services that enforces HIPAA policy, the Privacy, Security, and Breach Notification Rules, the Patient Safety Act and Rule, as well as other civil and religious freedom rights (5).


Electronic Protected Health Information (ePHI): Any PHI held on any electronic platform, such as mobile phones or laptops (6).


Protected Health Information (PHI): Any “individually identifiable health information” held by a company or other entity.

“Protected health information is information, including demographic information, which relates to:

  • the individual’s past, present, or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Protected health information includes many common identifiers (e.g., name, address, birth date, Social Security Number) when they can be associated with the health information listed above” (7).


Personal Health Information Privacy Act (PHIPA): Ontario’s equivalent of America’s HIPAA. It “sets out rules for the collection, use and disclosure of personal health information” for anyone who interacts with personal health information. PHIPA requires that consent be obtained before the collection, use, or disclosure of personal health information (8).



1. What is an Electronic Health Record? — HealthIT.gov

2. About HHS — U.S. Department of Health and Human Services

3. The HIPAA Security Rule — U.S. Department of Health and Human Services

4. About National Health Information Sharing and Analysis Center — NH-ISAC

5. About OCR — U.S. Department of Health and Human Services

6. What Kinds of ePHI Are Protected Under the HIPAA Privacy Rule? — HIPAA Help Center

7. Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule — U.S. Department of Health and Human Services

8. A Guide to the Personal Health Information Privacy Act — Information Privacy Commissioner / Ontario, December 2004