HIPAA Identifiers: What Data is Protected Under HIPAA

2 min read Michael Carroll on Feb 23, 2023

HIPAA identifiers consist of 18 types of information that can be used to identify, contact, or locate an individual patient. In healthcare, patient information is often referred to as protected health information (PHI). Due to the passing of the Health Insurance Portability and Accountability Act (commonly referred to as HIPAA) in 1996, companies that manage PHI must follow strict protocols when storing and transmitting this information. The

states that PHI must be protected using administrative, physical, and

What are the 18 HIPAA Identifiers? 

  1. Name
  2. Address
  3. Dates (of appointments, payments, etc.)
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan/insurance beneficiary number
  10. Account number
  11. Certificate / license number
  12. Any vehicle identifiers (e.g. license plate number)
  13. Device identifiers and serial numbers
  14. Web URLs (Links)
  15. Internet Protocol (IP) address
  16. Biometric identifiers (finger / retinal / voice)
  17. Photographic images
  18. Any other characteristic that may be used to uniquely identify an individual

What are PHI Identifiers under HIPAA?

According to the U.S. Department of Health & Human Services, protected health information includes any information involving a patient’s physical or mental health, healthcare information, and payment information. If a piece of information can be used to identify, contact, or locate an individual, it is likely considered PHI under HIPAA. To ensure

, companies must securely manage PHI or risk severe

HIPAA Compliance with the 18 HIPAA Identifiers

HIPAA applies to HIPAA-covered entities and their business associates. If you’re building an application that stores or transfers healthcare data, you must ensure that you’re using the right safeguards to protect patient information, such as

. When dealing with patient data, avoid collecting any unnecessary information and make sure to permanently delete PHI when it is no longer needed. If you use video conferencing to communicate with your patients or to transfer PHI, you must use
. If your business stores and transmits data, encrypt this data and use
to ensure that it can’t be tampered or altered without patient consent. PubNub has been HIPAA compliant since 2015, so you can be assured that any PHI stored or streamed on your application aligns with HIPAA’s policies. For everything you need to know about
, download our ebook, So You’re Building a HIPAA-compliant App.