What is the Confidentiality of ePHI?

Modified on Tue, 13 Jun, 2023 at 9:25 AM

The HIPAA regulations define “confidentiality” as “The property that data or information is not made available or disclosed to unauthorized persons or processes.”

Under the HIPAA Security Rule, covered entities and business associates must ensure the confidentiality of all electronic protected health information (ePHI) that the covered entity or business associate creates, receives, maintains, or transmits. Various provisions of the Security Rule specifically require that confidentiality be assessed, preserved, or maintained.

These HIPAA confidentiality provisions require the following:

  • Performing a Risk Analysis: Performing a risk analysis requires healthcare providers and business associates to (among other things) conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality of electronic protected health information held by the covered entity or business associate; and
  • Implementing Administrative, Physical, and Technical Safeguards: The plan sponsor of a group health plan must implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality of the electronic protected health information the plan sponsor creates, receives, maintains, or transmits on behalf of the group health plan.
