Protected Health Information (PHI) is defined as information in any format that identifies the individual, including demographic information collected from an individual that can reasonably be used to identify the individual. PHI is information created or received by a healthcare provider, insurance company, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual.
In order for Covered Entities and Business Associates to protect PHI, it is critical that you are aware of these 18 identifiers that constitute that the information qualifies as PHI.
18 Identifiers That Define Protected Health Information (PHI)
Under the HIPAA Privacy Rule "Identifiers" of PHI include:
2. Geographic subdivisions smaller than a state, except the first three digits of a zip code if the geographic unit formed by combining ALL zip codes with the same 3 initial digits contains more than 20,000 people and the initial 3 digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, and date of death and all ages over 89 and all elements of dates (including year) indicative of such age (except that such ages and elements may be aggregrated into a single category of age 90 or older)
4. Telephone numbers
5. Fax numbers
6. Electronic mail addresses
7. Social Security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers, including license plate numbers
13. Device identifiers and serial numbers
14. Web Universal Resource Locators (URLs)
15. Internet Protocol (IP) addresses
16. Biometric identifiers, including finger and voice prints
17. Full face photographic images and any comparible images
18. Any other unique identifying number, characteristic, or code (excluding a random identifier code for the subject that is not related to or derived from any existing identifier.
Need help with HIPAA Compliance, Protecting ePHI, or conducting a Security Risk Analysis? Call IntelliSuite at 877-843-5767, or contact us at http://www.intellisuite.com/contact/.