The HIPAA Privacy Rule & Protection of PHI

The HIPAA Privacy Rule protects the privacy of “protected health information” (PHI). The HIPAA Security Rule safeguards PHI that is in electronic form. The HIPAA Security rule defines 18 identifiers (listed below) and details standards for protecting, storing, accessing, transmitting and auditing PHI.

List of Personal Identifiers

(1) Names;

(2) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code in certain situations;

(3) All elements of date (except year) for dates directly related to an individual, including birth date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;

(4) Telephone numbers;

(5) Fax numbers;

(6) Electronic mail addresses;

(7) Social security numbers;

(8) Medical record numbers;

(9) Health plan beneficiary numbers;

(10) Account numbers;

(11) Certificate/license numbers;

(12) Vehicle identifiers and serial numbers, including license plate numbers;

(13) Device identifiers and serial numbers;

(14) Web Universal Resource Locators (URLs);

(15) Internet Protocol (IP) address numbers;

(16) Biometric identifiers, including finger and voice prints;

(17) Full face photographic images and any comparable images; and

(18) Any other unique identifying number, characteristic, or code