Protected health information (PHI) is any individually identifiable health information that relates to:
- A person’s health condition
- Healthcare provided
- Payment for healthcare
…and can identify the individual (directly or indirectly).
The following are the 18 identifiers defined by HIPAA. When combined with health information, these make the data PHI. Removing all of these identifiers is one way to de-identify data under HIPAA.
- Full names or last name and first initial
- All geographical identifiers smaller than a state
- Dates (other than year) directly related to an individual such as birthday or treatment dates
- Phone numbers, including area code
- Fax numbers
- Email addresses
- Social Security number
- Medical record numbers
- Health insurance beneficiary numbers
- Bank account numbers
- Driver’s license numbers/certificates
- Vehicle identifiers (including VIN and license plate information)
- Device identifiers and serial numbers
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers including fingerprints, retinal scans, genetic information, and voice prints
- Full face photography and any comparable images that can identify an individual
- Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
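The removal approach described above, sketched for a structured record as an added example (not part of the original page or of any Bridge Compliance product). The field names and the sample record are constructed assumptions; the code drops identifier fields, reduces dates to the year, keeps geography only at state level, and rejects any field it has not been told how to handle.

```python
import re
from datetime import date

# Field names are hypothetical (constructed schema); map them to your own data.
DROP = {"name", "street", "city", "zip", "phone", "fax", "email", "ssn", "mrn",
        "insurance_id", "bank_account", "drivers_license", "vehicle_id",
        "device_serial", "url", "ip_address", "biometric_ref", "photo_ref"}
DATES = {"birth_date", "treatment_date"}      # reduced to year only
KEEP = {"state", "diagnosis", "notes"}        # state is the smallest geography kept

# Patterned identifiers that leak into free text. Order matters: URLs first.
TEXT_PATTERNS = {
    "URL": re.compile(r"https?://\S+"),
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def scrub_text(text):
    """Replace patterned identifiers; names in free text are NOT caught by regex."""
    for label, pattern in TEXT_PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

def deidentify(record):
    out = {}
    for key, value in record.items():
        if key in DROP:
            continue
        if key in DATES:
            out[key.replace("_date", "_year")] = date.fromisoformat(value).year
        elif key in KEEP:
            out[key] = scrub_text(value) if isinstance(value, str) else value
        else:
            # Fail closed: an unclassified field may be an identifier.
            raise ValueError(f"unclassified field: {key}")
    return out

SAMPLE = {  # constructed record, not real data
    "name": "Jane Doe", "ssn": "000-12-3456", "mrn": "MRN-0001",
    "city": "Portland", "zip": "97201", "state": "OR",
    "birth_date": "1980-04-12", "treatment_date": "2023-11-02",
    "diagnosis": "J45.909",
    "notes": "Pt called from 555-010-0199, email jane.doe@example.com, "
             "portal https://portal.example.com/p/123 from 192.0.2.10",
}

if __name__ == "__main__":
    print(deidentify(SAMPLE))
```

Free-text fields are the weak point: the patterns catch formatted values such as phone numbers and IP addresses, but a name typed into `notes` passes through, so such fields need separate review or exclusion.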
Disclaimer: This information is provided for educational purposes only and does not constitute legal advice. Bridge Compliance is a compliance platform and does not provide legal counsel. Organizations are solely responsible for ensuring compliance with applicable laws.