Working in a large organization with over 100+ employees? Discover how Dovetail can scale your ability to keep the customer at the center of every decision. Contact sales.
Protected health information (PHI) is any information in a person’s medical health record that can be used to uniquely identify, locate, or contact that person. This kind of information is at risk of being hacked by unauthorized personnel if it’s not handled appropriately during storage or transmission.
The HIPAA Privacy Rule protects PHI and ensures that it remains confidential and secure at all times. The 18 HIPAA identifiers below are considered personally identifiable information (PII) and should be safeguarded.
This guide will help you learn more about HIPAA and its identifiers, equipping you with the knowledge you need to stay compliant.
PHI identifiers are pieces of information that can be used to contact or locate the person to whom they belong.
Below are the identifiers HIPAA designates as PHI:
A patient’s first and last names are considered PHI when recorded or used by a healthcare provider within a healthcare context. The patient’s name must be secured during transmission or storage.
Any geographical element in a patient’s health record that is smaller in scale than a state is considered PHI. These elements include street addresses, counties, and cities.
PHI that covers any dates related to the person’s health are PHI identifiers. These may include the patient’s admission date, treatment date, birth date, and age.
Any phone number belonging to the individual is considered PHI if maintained in a database containing health information.
Records that contain the individual’s phone number associated with a fax machine can’t be shared without the patient’s authorization because this is classified as a PHI identifier.
A patient’s email address is considered PHI if it’s linked to the individual’s health record. Email addresses should remain protected to avoid the risk of interception or unauthorized access to sensitive patient data. Hackers can use a patient’s email address for malware and collect other sensitive information from their device.
Hackers can use social security numbers for malicious intent, such as falsely acquiring Medicare benefits. This kind of information is classified as a HIPAA identifier as it can also be used to obtain the individual’s sensitive information.
This is a record that can identify a person receiving medical treatment. It can provide access to medical data and other sensitive information about them.
This information is assigned to patients by health insurance services. According to HIPAA, it should be protected from unauthorized access.
An individual’s account numbers are classified as HIPAA identifiers.
Access to an individual’s license number can be used in combination with other PHI to steal someone’s personal identity. As a result, certificate numbers are considered HIPAA identifiers.
License plate numbers or serial numbers of vehicles belonging to patients are HIPAA identifiers, as hackers with malicious motives can use them to locate the individual.
Serial numbers that are assigned to the individual’s medical devices are PHI; for instance, the serial number of a heart monitor. If a device like this transmits PHI data, it must be handled in a HIPAA-compliant way.
Patient information such as name and date of birth can be leaked by unauthorized personnel and used to locate an individual when URLs are cached in browser history. These include website URLs that can be used to track electronic transactions.
IP addresses are considered PHI under HIPAA regulations. These unique identifiers can be used to track the individual’s location if the information is accessed by unauthorized personnel.
Biometrics are unique physical characteristics that identify an individual. This information can be used to impersonate that person. It must be safeguarded as a result to protect the confidentiality and integrity of patient information.
Facial images taken by healthcare providers and used in a healthcare context are considered PHI. A patient’s photo is also considered PHI if it contains patient identifiers such as their name, date of birth, address, or social security number.
These include any other numerical characteristics that can be used to identify a person.
Our team can give you a demo, help you choose the right plan and ensure you get the most out of Dovetail.
Request a demoThese 18 HIPAA identifiers play a crucial role in healthcare. Healthcare service providers use them during treatment to identify individual patients.
Furthermore, having an understanding of the 18 identifiers allows covered entities to comply with HIPAA regulations.
The identifiers can also be used in healthcare settings to
Develop healthcare protocols
Implement clinical guidelines
Conduct training programs for healthcare providers
Detect fraud and abuse of HIPAA regulations
The HIPAA Privacy Rule is a set of standards for the privacy of individually identifiable health information.
It establishes policies protecting individually identifiable health information held or transmitted by a covered entity. It also sets standards for accessing the information. For instance, the rule defines who can access PHI and the circumstances in which it can be used.
Under the Privacy Rule, covered entities can’t allow the 18 identifiers to be disclosed except for treatment, public health purposes, or HIPAA-permitted research. None of the identifiers can be disclosed without patient authorization.
The HIPAA Security Rule was established to guide covered entities on technical, administrative, and physical safeguards for maintaining electronic PHI’s confidentiality, integrity, and availability.
The security rule establishes strict data encryption guidelines that ensure authorized personnel only access PHI information using a secure password.
The technical safeguards outlined in the rule include the use of antivirus software, firewalls, and intrusion-detection systems. The administrative safeguards include policies that limit access to the 18 identifiers, training, and educating employees about the best approaches to security.
HIPAA identifiers are found on medical records stored in healthcare databases that can be used to identify, contact, or locate an individual.
Indirect identifiers are those that need to be combined with other information to potentially identify a person. They can include ethnicity, race, or information available through other sources.
Some unique identifiers are email addresses, names, social security numbers, and telephone numbers.
Do you want to discover previous research faster?
Do you share your research findings with others?
Do you analyze patient research?
Last updated: 23 August 2023
Last updated: 23 August 2023
Last updated: 8 August 2023
Last updated: 2 August 2023
Last updated: 8 August 2023
Last updated: 10 August 2023
Last updated: 11 September 2023
Last updated: 31 July 2023
Last updated: 16 August 2023
Last updated: 22 August 2023
Last updated: 10 August 2023
Last updated: 25 November 2023
Last updated: 25 November 2023
Last updated: 11 September 2023
Last updated: 23 August 2023
Last updated: 23 August 2023
Last updated: 22 August 2023
Last updated: 16 August 2023
Last updated: 10 August 2023
Last updated: 10 August 2023
Last updated: 8 August 2023
Last updated: 8 August 2023
Last updated: 2 August 2023
Last updated: 31 July 2023
Get started for free
or
By clicking “Continue with Google / Email” you agree to our User Terms of Service and Privacy Policy