18 HIPAA Identifiers for PHI

18 PHI Identifiers

In today’s digital world, privacy is a luxury that is often difficult to come by. One area where this issue is particularly sensitive is healthcare, where personal information can be susceptible to hacking. That’s why the 18 identifiers of Protected Health Information (PHI) are so important – they provide a list of what constitutes private medical data so that healthcare organizations know what information they must protect. Whether you’re a patient, healthcare provider, or administrator, understanding these 18 identifiers is critical in ensuring that PHI remains confidential and secure at all times. So, let’s take a closer look at what they are and why they matter.

The Department of Health and Human Services (HHS) lists the 18 HIPAA identifiers as follows:

  1. Patient names  
  2. Geographical elements (such as a street address, city, county, or zip code)
  3. Dates related to the health or identity of individuals (including birthdates, date of admission, date of discharge, date of death, or exact age of a patient older than 89)
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers
  13. Device attributes or serial numbers
  14. Digital identifiers, such as website URLs 
  15. IP addresses
  16. Biometric elements, including finger, retinal, and voiceprints
  17. Full face photographic images 
  18. Other identifying numbers or codes 


18 HIPAA Identifiers and the HIPAA Privacy Rule

The HIPAA Privacy Rule established standards for the use and disclosure of PHI. The law requires organizations to adopt the “minimum necessary rule,” which states that covered entities (CEs) must take reasonable steps to limit the use and disclosure of PHI. As such, CEs must access only the information necessary to accomplish their intended purpose. The HIPAA Privacy Rule also lays out patient rights with regard to their PHI.

  • Notice of Privacy Practices (NPP): must be given to patients upon intake. It must be written in a clear manner that patients can easily understand. An NPP describes patient rights in terms of the 18 HIPAA unique identifiers. An NPP also explains what a covered entity (CE) may or may not do with PHI.
  • Request Access to Medical Records: patients have the right to request their medical records. Patients must fill out an authorization form to do so.
  • Request an Amendment to Medical Records: the HIPAA Privacy Rule mandates that patients have the right to request an amendment of PHI when they believe there has been an error on their record. It is up to the discretion of the covered entity (CE) to determine if the record is accurate. 
  • Request Special Privacy Protection for PHI: patients have the right to restrict the disclosure of PHI. However, CEs are not required to agree to the request. 
  • Parents’ Access to Minor’s Medical Records: in most cases a parent or legal guardian can access a minor’s medical records. HHS provides examples of situations in which parents cannot access a minor’s medical records:
    • The minor consents to care where parental consent is not required
    • A court decides that a minor must receive care
    • A parent agrees that the minor and covered entity have a confidential relationship

18 HIPAA Identifiers and the HIPAA Security Rule

The HIPAA Security Rule mandates that protected health information (PHI) be secured through administrative, physical, and technical safeguards. As part of the HIPAA Security Rule, organizations must have standards for the confidentiality, integrity, and availability of PHI.

  • Confidentiality: PHI may not be disclosed without prior patient authorization
  • Integrity: PHI that is transmitted or maintained must only be accessed by those who need access to perform job functions 
  • Availability: organizations and patients must be able to easily access PHI

