What You Need to Know About HIPAA Identifiers and PHI

HIPAA identifiers are unique numbers assigned to individuals for healthcare purposes.

There are 18 types of HIPAA identifiers, which can be categorized into two groups: direct and indirect identifiers.

Direct identifiers include name, address, date of birth, and phone number.

These are the most common types of direct identifiers used in healthcare.

Indirect identifiers, on the other hand, include medical record numbers, health plan beneficiary numbers, and vehicle identifiers.

These types of identifiers can be used to link to an individual's direct identifiers.

HIPAA identifiers are used to ensure patient confidentiality and security in healthcare settings.

What is PHI?

PHI stands for Protected Health Information, which is any information in the medical record or designated record set that can be used to identify an individual and was created, used, or disclosed in the course of providing a health care service.

Protected health information is used in studies involving review of existing medical records for research information, such as retrospective chart review. It's also created in studies that produce new medical information in the course of the research, like diagnosing a health condition or evaluating a new drug or health device.

A patient or plan member can be the subject of multiple designated record sets, and a single item of individually identifiable health information can qualify as a designated record set. For example, a picture of a child on a pediatrician's "baby wall" qualifies as a designated record set because it identifies the child and implies a healthcare relationship with the pediatrician.

PHI includes enrollment, medical, and billing records that are maintained in designated record sets and used by covered entities to make diagnosis, treatment, and/or payment decisions about a patient or plan member.

Here are the 18 identifiers of PHI defined by HHS:

  1. Name: The name(s) of relatives, friends, or anybody else with a connection to the individual.
  2. Address: Any address elements smaller than state.
  3. Dates: Any element of the individual’s notable dates such as date of birth, admission, discharge, death, and exact age if 90 or older.
  4. Telephone Number(s): Any current or previous phone numbers.
  5. Fax Number(s): Any current or previous fax numbers.
  6. Email Address(es): Any current or previous email addresses.
  7. Social Security Number: The individual’s complete or partial SSN.
  8. Medical Record Number: The number your facility assigned the individual.
  9. Health Plan Beneficiary Number: The number assigned to the individual by their health plan.
  10. Account Number(s): Numbers assigned to the individual for any of their accounts.
  11. Certificate or License Number: Any number listed on a certification or license, such as their driver’s license.
  12. Vehicle Identifiers: Information that identifies the individual’s car, such as serial numbers and license plate numbers.
  13. Device Identifiers: Information that identifies the individual’s device, such as serial numbers.
  14. Web URL: The Uniform Resource Locator (URL) of the individual’s website(s).
  15. IP Address: The Internet Protocol (IP) Address the individual uses to connect to the internet.
  16. Biometric Identifiers: The patient’s unique biological characteristics such as fingerprint, voice print, and facial recognition details.
  17. Photographic Images: Any photograph of the individual, including those that don’t show their face.
  18. Other: Any other unique characteristic, code, or number that can identify the individual.

List of 18

The list of 18 identifiers of PHI is a crucial aspect of HIPAA regulations. It consists of 18 specific details that, if included in an individual's health information, make that information Protected Health Information (PHI).

Each of these identifiers can be used to identify an individual, and health information that includes any of them is considered PHI.

Protecting PHI

Protecting PHI is crucial. ChartRequest, founded in 2012 in Atlanta, GA, is a company that specializes in electronic medical record fulfillment.

If you leak protected health information, HIPAA penalties aren't the only risk you'll face. Cybercriminals worldwide stand to gain from using the sensitive information housed in health records.

ChartRequest prioritizes the security of protected health information, which is why it's a great option for exchanging records online. By using ChartRequest, you can avoid major threat vectors used by hackers, phishers, and other cybercriminals.

The ramifications of a records breach can be devastating, which is why it's essential to take security seriously. With ChartRequest, you can take the secure, compliant release of information into your own hands.

ChartRequest has specialized dashboards for patients, healthcare professionals, and non-healthcare professionals, making it easy to use for everyone. This one-size-fits-all approach to medical record exchange is a game-changer.

Non-PHI Under HIPAA

Identifying non-health information is not considered PHI under HIPAA when it's not maintained in the same designated record set as health information.

Marketing departments, transport providers, and facility administrators may all need to have access to patient information without needing to know health, treatment, or payment information, as long as the identifiers are kept separate.

Any identifying information maintained outside a designated record set or maintained by a business not subject to HIPAA does not have the same protections as PHI.

Research studies may use health-related information that is personally identifiable, but it's not considered to be PHI if the data are not associated with or derived from a healthcare service event.

Examples of research using only research health information (RHI), and thus not subject to HIPAA, include use of aggregated (non-individual) data, diagnostic tests from which results are not entered into the medical record, and testing conducted without any PHI identifiers.

Health information by itself, without the 18 identifiers, is not considered to be PHI. For example, a data set of vital signs by themselves does not constitute protected health information.

What Else is Considered PHI?

PHI is more than just individually identifiable health information like enrollment, medical, and billing records. Any information that can be used to identify an individual when maintained in the same designated record set as PHI is considered protected.

Social media aliases can be used to impersonate an individual and access more information about them, which is why they are considered PHI. This includes aliases on platforms like Facebook and Twitter.

Medicare Beneficiary Identifiers (MBIs) have replaced SSN-based HIC Numbers for most Medicare beneficiaries, and are considered PHI when maintained in a designated record set.

Information about an emotional support animal can be considered PHI if a picture of the animal or the information could be used to identify the individual.

Any non-health information that could identify the subject of the PHI, such as information about a family member or friend, is also considered protected. This includes information that could be used to identify the individual through their relationships.

Here are some examples of non-health information that can be considered PHI:

  • Social media aliases
  • Medicare Beneficiary Identifiers (MBIs)
  • Information about an emotional support animal
  • Information about a family member or friend

It's essential to remember that any identifying information can be considered PHI under HIPAA when it's maintained in a designated record set, not just the 18 HIPAA PHI identifiers listed in §164.514 of the Privacy Rule.

Frequently Asked Questions

What are the 5 code sets approved by HIPAA?

According to HIPAA, the 5 approved code sets are ICD-10, HCPCS, CPT, CDT, and NDC, which are used to standardize medical and dental coding. These code sets ensure accurate and consistent billing and data exchange in the healthcare industry.

What are 5 acceptable patient identifiers?

Here are 5 examples of acceptable patient identifiers: name, identification number, telephone number, date of birth, and other person-specific identifiers. These identifiers help ensure accurate patient information and care.

Sheldon Kuphal

Writer

Sheldon Kuphal is a seasoned writer with a keen insight into the world of high net worth individuals and their financial endeavors. With a strong background in researching and analyzing complex financial topics, Sheldon has established himself as a trusted voice in the industry. His areas of expertise include Family Offices, Investment Management, and Private Wealth Management, where he has written extensively on the latest trends, strategies, and best practices.
