Harmony Healthcare Blog

HIPAA - Individually Identifiable Information: Know the Rules!

Posted by The Harmony Team on Mon, Feb 23, 2015

Edited by Kris Mastrangelo

As long-term care facilities continue to adapt to 2015 changes, it is important that they remember to implement compliance safeguards. Facilities need to be committed to bridging existing codes of conduct to develop reasonable safeguards required by the Privacy Rule. One such policy covers incidental use and disclosure of confidential health information (also known as Protected Health Information or “PHI”). Per the requirements in the HIPAA Privacy Rule (see 45 CFR 164.530), facilities must protect the confidentiality of individually identifiable patient health and financial information from any unauthorized intentional or unintentional use or disclosure.

For clarity, Protected Health Information (PHI) is defined as any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment.

The HIPAA Privacy Rule specifies the following pieces of “Individually Identifiable Information” that, when linked with health or medical information, constitute PHI (45 CFR 164.514): 

  1. Names of the individual, and relatives, employers or household members of the individual
  2. Geographic identifiers of the individual, including subdivisions smaller than a state, street addresses, city, county and precinct
  3. Zip code at any level less than the initial three digits; except if the initial 3 digits cover a geographic area of 20,000 or fewer people, then zip code is considered an identifier
  4. All elements of dates, except year, or dates directly related to an individual including birth date, admission date, discharge date, date of death and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
  5. Telephone numbers
  6. Fax numbers
  7. Electronic mail addresses
  8. Social security numbers
  9. Medical record numbers
  10. Health plan beneficiary numbers
  11. Account numbers
  12. Certificate/license numbers
  13. Vehicle identifiers and serial numbers, including license plate numbers
  14. Device identifiers and serial numbers
  15. Web Universal Resource Locators (URLs)
  16. Internet Protocol (IP) address numbers
  17. Biometric identifiers, including finger and voice prints
  18. Full-face photographic images and any comparable images
  19. Any other unique identifying number, characteristic, or code

Failure to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) can result in civil and criminal penalties. These penalties can apply to both Covered Entities and individuals. Harmony encourages facilities to conduct a breach risk assessment and is available to assist with this essential undertaking.


If you have questions regarding HIPAA or need help maintaining compliance, please click here to contact Harmony Healthcare International or call us at (800) 530-4413. 



Tags: Compliance, HIPAA, ePHI, Privacy
