Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

How HIPAA defines confidentiality, integrity, and availability of ePHI

How HIPAA defines confidentiality, integrity, and availability of ePHI

HIPAA defines confidentiality as the protection of patient data from unauthorized disclosure. Integrity involves safeguarding data accuracy and authenticity. Availability is the assurance that electronic Protected Health Information (ePHI) remains accessible for authorized use.

These three principles are integral to the HIPAA Security Rule, ensuring the protection of ePHI in healthcare organizations.


Understanding the HIPAA security rule

The HIPAA Security Rule is the national standard for safeguarding the privacy and security of PHI. PHI includes any demographic information that can be used to identify a patient, such as names, addresses, telephone numbers, Social Security numbers, email addresses, financial information, insurance ID numbers, and medical records. When PHI is stored electronically, it is called electronic protected health information (ePHI).

The Security Rule outlines three main categories of safeguards organizations must implement to protect ePHI: administrative, technical, and physical. These safeguards are designed to ensure the confidentiality, integrity, and availability of PHI.

Go deeper:



Confidentiality, as defined by HIPAA, is the cornerstone of patient data protection. It ensures that ePHI is not disclosed to unauthorized individuals or entities. HIPAA's legal definition of confidentiality states that it is "the property that data or information is not made available or disclosed to unauthorized persons or processes." 

Healthcare providers must safeguard information with:


Access controls

Implementing strict access controls limit who can view or interact with ePHI. This includes user authentication, role-based access, and the principle of least privilege.



Encrypting ePHI prevents unauthorized access. It ensures that even if data is intercepted, it remains indecipherable to unauthorized parties.

See also: HIPAA Compliant Email: The Definitive Guide 


Audit trails 

Audit trails track access to ePHI, allowing organizations to monitor who has accessed patient data, when, and for what purpose. This helps identify and prevent unauthorized access.



Data integrity, according to HIPAA, is defined as "the property that data or information have not been altered or destroyed in an unauthorized manner."

This definition emphasizes the importance of maintaining the accuracy and authenticity of ePHI. Healthcare organizations use various methods to maintain their integrity.


Data validation 

Data validation processes ensure that ePHI remains accurate and complete. This involves checking data for errors, inconsistencies, and potential tampering.


Data backups 

Data backups are crucial to ensure that even in the event of data corruption or loss, accurate and complete patient information is restored.


Audit controls 

Audit logs and controls are used to track changes to ePHI, helping identify any unauthorized alterations or deletions.



Availability, as per HIPAA's definition, means "the property that data or information is accessible and usable upon demand by an authorized person."

This underscores the importance of ensuring ePHI remains readily available for patient care, administrative, and other critical purposes. The measures for maintaining availability include:


Data redundancy 

Healthcare organizations employ redundant systems and data centers to ensure continuous access to ePHI, even in system failures or disasters.


Disaster recovery plans 

Disaster recovery plans are in place to mitigate the impact of unforeseen events, ensuring that ePHI can be restored quickly and efficiently.


System maintenance

Regular maintenance and updates prevent system failures and disruptions that could affect the availability of ePHI.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.