This entry is part 4 of 26 in the series HIPAA Privacy-Security Reminders

The Health Insurance Portability and Accountability Act (HIPAA) mandated the adoption of Federal privacy and security regulations for protected health information (PHI). PHI is individually identifiable health information which is created or received by a health care provider, health plan, or health care clearinghouse. Such information relates to the past, present or future physical health, mental health or condition of an individual AND can be directly tied to an individual.

What is PHI?

PHI either identifies or could be used to identify the individual and has been transmitted or maintained in any form or medium (electronic, paper or oral).

The regulations define eighteen fields as listed below which can be used to identify individuals:

  1. Names
  2. Geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code and equivalent geocodes
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89.
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locator (URL)
  15. Biometric identifiers, including finger or voice prints
  16. Full face photographic images and any comparable images
  17. IP address
  18. Any other unique identifying number characteristic or code

The complete HIPAA Privacy and Security regulations are here.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group:
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Series Navigation<< HIPAA Privacy and Security Reminder – Understanding Medical Identity TheftHIPAA Privacy and Security Reminders – Protecting Sensitive Data is Everyone’s Responsibility >>

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.