For clarity, Protected Health Information (PHI) is defined as any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment.
The HIPAA Privacy Rule specifies the following pieces of “Individually Identifiable Information” that, when linked with health or medical information, constitute PHI (45 CFR 164.514):
- Names of the individual, and relatives, employers or household members of the individual
- Geographic identifiers of the individual, including subdivisions smaller than a state, street addresses, city, county and precinct
- ZIP codes at any level more specific than the initial three digits; if the initial three digits cover a geographic area of 20,000 or fewer people, then those digits are also considered an identifier
- All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date and date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger and voice prints
- Full-face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code
Failure to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) can result in civil and criminal penalties. These civil and criminal penalties can apply to both Covered Entities and individuals. Harmony encourages facilities to conduct a breach risk assessment and is available to assist with this essential undertaking.
If you have questions regarding HIPAA or need help maintaining compliance, please contact Harmony Healthcare International or call us at (800) 530-4413.