The 18 HIPAA Identifiers: What Data is Protected Under HIPAA

HIPAA identifiers consist of 18 types of information that can be used to identify, contact, or locate an individual patient. In healthcare, patient information is often referred to as protected health information (PHI). Due to the passing of the Health Insurance Portability and Accountability Act (commonly referred to as HIPAA) in 1996, companies that manage PHI must follow strict protocols when storing and transmitting this information. The HIPAA Security Rule states that PHI must be protected using administrative, physical, and technical safeguards.

What are the 18 HIPAA Identifiers? 

1. Name
2. Address
3. Dates (of appointments, payments, etc.)
4. Telephone number
5. Fax number
6. Email address
7. Social Security number
8. Medical record number
9. Health plan/insurance beneficiary number
10. Account number
11. Certificate / license number
12. Any vehicle identifiers (e.g. license plate number)
13. Device identifiers and serial numbers
14. Web URLs (Links)
15. Internet Protocol (IP) address
16. Biometric identifiers (finger / retinal / voice)
17. Photographic images
18. Any other characteristic that may be used to uniquely identify an individual

What is Considered PHI Under the 18 HIPAA Identifiers?

According to the U.S. Department of Health & Human Services, protected health information includes any information involving a patient’s physical or mental health, healthcare information, and payment information. If a piece of information can be used to identify, contact, or locate an individual, it is likely considered PHI under HIPAA. To ensure HIPAA compliance, companies must securely manage PHI or risk severe fines and sanctions.

How to Stay HIPAA Compliant

HIPAA applies to HIPAA-covered entities and their business associates. If you’re building an application that stores or transfers healthcare data, you must ensure that you’re using the right safeguards to protect patient information, such as HIPAA compliant chat. When dealing with patient data, avoid collecting any unnecessary information and make sure to permanently delete PHI when it is no longer needed. If you use video conferencing to communicate with your patients or to transfer PHI, you must use HIPAA compliant video conferencing. If your business stores and transmits data, encrypt this data and use HIPAA compliant cloud storage to ensure that it can’t be tampered or altered without patient consent. PubNub has been HIPAA compliant since 2015, so you can be assured that any PHI stored or streamed on your application aligns with HIPAA’s policies. For everything you need to know about building a HIPAA-complaint app, download our ebook, So You’re Building a HIPAA-compliant App.