The 18 HIPAA Identifiers: What Data's Protected Under HIPAA?

2 min read | PubNub Staff on Apr 21, 2020

Understanding HIPAA identifiers is a crucial part of achieving HIPAA compliance if your company stores or transmits protected health information (PHI).

HIPAA identifiers consist of 18 types of information that can be used to identify, contact, or locate an individual patient. In healthcare, patient information is often referred to as protected health information (PHI). Due to the passing of the Health Insurance Portability and Accountability Act (commonly referred to as HIPAA) in 1996, companies that manage PHI must follow strict protocols when storing and transmitting this information. The HIPAA Security Rule states that PHI must be protected using administrative, physical, and technical safeguards.

The 18 HIPAA Identifiers 

  1. Name
  2. Address
  3. Dates (of appointments, payments, etc.)
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan/insurance beneficiary number
  10. Account number
  11. Certificate / license number
  12. Any vehicle identifiers (e.g. license plate number)
  13. Device identifiers and serial numbers
  14. Web URLs (Links)
  15. Internet Protocol (IP) address
  16. Biometric identifiers (finger / retinal / voice)
  17. Photographic images
  18. Any other characteristic that may be used to uniquely identify an individual

What is Considered PHI Under HIPAA?

According to the U.S. Department of Health & Human Services, protected health information includes any information involving a patient’s physical or mental health, healthcare information, and payment information. If a piece of information can be used to identify, contact, or locate an individual, it is likely considered PHI under HIPAA. To ensure HIPAA compliance, companies must securely manage PHI or risk severe fines and sanctions.

How to Stay HIPAA Compliant

HIPAA applies to HIPAA-covered entities and their business associates. If you’re building an application that stores or transfers healthcare data, you must ensure that you’re using the right safeguards to protect patient information, such as HIPAA-compliant chat. When dealing with patient data, avoid collecting any unnecessary information and make sure to permanently delete PHI when it is no longer needed. If you use video conferencing to communicate with your patients or to transfer PHI, you must use HIPAA-compliant video conferencing. If your business stores and transmits data, encrypt this data and use HIPAA-compliant cloud storage to ensure that it can’t be tampered with or altered without patient consent. PubNub has been HIPAA compliant since 2015, so you can be assured that any PHI stored or streamed on your application aligns with HIPAA’s policies. For everything you need to know about building a HIPAA-compliant app, download our ebook, So You’re Building a HIPAA-compliant App.
