The 18 HIPAA Identifiers Any Healthcare Company Needs to Know

HIPAA identifiers are key data points that can link an individual to sensitive healthcare information. This link creates Protected Health Information (PHI). There are 18 HIPAA identifiers to be aware of. HIPAA compliant cloud-based phone systems handle PHI through encryption. However, not all cloud-based phone providers are HIPAA compliant. In this article, we'll cover the 18 HIPAA identifiers, why they're important and how to choose a HIPAA compliant provider.

List of HIPAA Identifiers

The National Institutes of Health provides three key points that should be observed when dealing with PHI:

  • De-identified health information, as described in the Privacy Rule, is not PHI, and thus is not protected by the Privacy Rule.
  • PHI may be used and disclosed for research with an individual's written permission in the form of an Authorization.
  • PHI may be used and disclosed for research without an Authorization in limited circumstances: Under a waiver of the Authorization requirement, as a limited data set with a data use agreement, preparatory to research, and for research on decedents' information.

PHI is made up of 18 HIPAA identifiers. The following list of HIPAA identifiers is derived from the Atlanta VA:

  1. Names
  2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
  4. Phone numbers
  5. Fax numbers
  6. Electronic mail addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including finger and voice prints
  17. Full face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)
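
One way to apply the generalization rules in identifiers 2 and 3 to a record, as an added example that is not part of the original article. The field names, the `ZIP3_POPULATION` table and its figures are constructed for illustration; real population counts must come from current Census Bureau data.

```python
from datetime import date

# Constructed sample figures; real values come from current Census Bureau data.
ZIP3_POPULATION = {"303": 412_000, "036": 14_500, "100": 1_500_000}
THRESHOLD = 20_000


def generalize_zip(zip_code, zip3_population=ZIP3_POPULATION):
    """Identifier 2: keep the first three digits only when that three-digit
    area holds more than 20,000 people; otherwise return "000"."""
    digits = "".join(ch for ch in str(zip_code) if ch.isdigit())
    if len(digits) < 5:
        return "000"  # malformed input: fail closed
    zip3 = digits[:3]
    # An unknown prefix counts as population 0, so it is suppressed too.
    return zip3 if zip3_population.get(zip3, 0) > THRESHOLD else "000"


def age_on(birth, as_of):
    """Whole years elapsed between birth and as_of."""
    before_birthday = (as_of.month, as_of.day) < (birth.month, birth.day)
    return as_of.year - birth.year - before_birthday


def generalize_record(record, as_of):
    """Apply identifiers 2 and 3 to one record (hypothetical field names)."""
    birth = date.fromisoformat(record["birth_date"])
    age = age_on(birth, as_of)
    out = {"zip3": generalize_zip(record["zip"])}
    if age > 89:
        # Ages over 89, and the birth year that reveals them, collapse
        # into the single "90 or older" category.
        out["age"] = "90+"
        out["birth_year"] = None
    else:
        out["age"] = age
        out["birth_year"] = birth.year
    # Other dates tied to the individual keep only the year.
    out["admit_year"] = date.fromisoformat(record["admitted"]).year
    return out


if __name__ == "__main__":
    sample = {"zip": "03601", "birth_date": "1930-01-02", "admitted": "2024-03-09"}
    print(generalize_record(sample, date(2024, 6, 1)))
```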

HIPAA compliant cloud-based phone systems protect these identifiers, and thus PHI, through encryption and by controlling access to PHI. But not all providers are created equal. It's important to choose a HIPAA compliant provider to ensure proper handling of PHI.

Identifying Which UCaaS, CCaaS, Or VoIP Technologies Are HIPAA Compliant

For cloud-based communication services such as UCaaS or CCaaS, or even legacy technologies such as VoIP, it's important to deal with a HIPAA compliant provider. But how do you verify a provider's compliance?

UCaaS, CCaaS and VoIP all deal with voice, and in many cases conversations will be recorded. These recordings may be the actual employee/customer conversation or a voicemail. To be HIPAA compliant, providers must meet the following criteria:

  • All recordings must be PCI-DSS and HIPAA compliant
  • Full security protection, including encryption
  • Auditing capabilities

Ask any potential provider if they meet the above criteria rather than relying solely on website descriptions about their services.

The 18 HIPAA identifiers listed above must be handled with care to avoid exposing an individual's identity. Additionally, any cloud-based phone system used by healthcare companies should be HIPAA compliant, meeting the criteria discussed above.

When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out our form online to request a no-obligation quote from an 8x8 Product Specialist.
