Check out our checklist for a guide to what HIPAA considers identifying information Optometrists are blinking at the complexity of the HIPAA privacy rule. What, exactly, qualifies as protected health information (PHI)? Is a patient's phone number protected? How about his ZIP code? Identifying information:
PHI includes any individually identifiable health information that comes from a healthcare provider, says Julie Simas, insurance coordinator for the Center for Total Eye Care in Westminster, Md. A patient's name and phone number by themselves would not be PHI, but a patient's name and phone number sent by a particular doctor would be.
Any record or other information in your office that contains two or more of the following is subject to the HIPAA privacy rule. You must remove these identifiers in order to "de-identify" the information.
- Patient's name
- Address information other than city, state and ZIP code
- Geographic subdivisions smaller than state
- Home or work telephone number
- Fax number
- Any e-mail address
- Social Security number
- Medical record number
- Medicare or Medicaid number
- Health plan beneficiary number
- Account number
- Certificate/license numbers
- Vehicle identifiers
- Device identifiers
- Device serial number
- Web site addresses
- Biometric identifiers (e.g., fingerprints)
- Full-face photograph
- Dates (except for years) related to birth, death, admission or discharge
- Any other unique identifying number, code or characteristic, unless otherwise permitted
Source: "Standards for Privacy of Individually Identifiable Health Information; Final Rule," section 164.514, Department of Health and Human Services.