EHR and practice management for mental / behavioral health
PIMSY behavioral health practice management system PHI identifiers

2016 HIPAA Audits Part 3: PHI Identifiers

by Donna Koger, 11.5.15

Personal Health Information (PHI) Identifiers

If you have come across the word “identifiers” in connection with Personal Health Information (PHI), you may have asked yourself “what are they and why should I care about identifiers?” If you are aware of the types of information protected by HIPAA rules, then you already know how to protect yourself against a PHI Breach (click here for details).

If not, these are the types of information you should protect at all cost. Under the HIPAA Privacy Rule, “identifiers” include the following:

     1. Names

     2. Geographic subdivisions smaller than a state (except the first three digits of a zip code if the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000)

     3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date and date of death. All elements of dates (including year) indicative of age 89 or older (except ages and elements that may be aggregated into a single category of age 90 or older)

     4. Telephone numbers

     5. Fax numbers

     6. Electronic mail addresses

     7. Social security numbers

     8. Medical record numbers

     9. Health plan beneficiary numbers

     10. Account numbers

     11. Certificate/license numbers

     12. Vehicle identifiers and serial numbers, including license plate numbers

     13. Device (computers, mobile devices, etc.) identifiers and serial numbers

     14. Web Universal Resource Locators (URLs)

     15. Internet Protocol (IP) address numbers

     16. Biometric identifiers, including finger and voice prints

     17. Full face photographic images and any comparable images

     18. Any other unique identifying number, characteristic, or code (excluding a random identifier code for the subject that is not related to or derived from any existing identifier)

In order to protect yourself and your practice from a data breach, be sure to inform all of your staff as to the definitions of identifiers and how they must be fully protected under HIPAA laws. 

Sources Include 

California Office of Statewide Health Planning and Development:

More Information

Find more complimentary resources in our HIPAA Resource Center
Related Posts:
Part 1: What’s on the Horizon?
Part 2: Into the Breach
Part 4: 10 Steps to HIPAA Compliance




Donna Koger is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.

Kudos from Clients

Seth H.

“PIMSY more than pays for itself by streamlining my office, improving efficiency and reducing billing times. I would recommend PIMSY to anyone looking for a good EMR company that will help you implement its program and help you with any questions you have along the way.”

~ Seth H., Business Owner

Subscribe To Our Newsletter

Subscribe to the PIMSY newsletter
What topics are you most interested in?