A list of 18 identifiers was created in 1996 by the US Health Insurance Portability and Accountability Act (HIPAA) to represent protected health information (PHI). PHI is any information that can be used to identify an individual and that was created, used, or disclosed during a patient-physician encounter.
In contrast, personal identifiers, such as name and address, are not considered to be PHI unless they are associated with or derived from a health-care service event. In addition, health information by itself without the 18 identifiers is not considered to be PHI. For example, a dataset that contains only patient vital signs or blood pressure readings would not be PHI. The identifiers that HIPAA established are:
- Geographic information (including city, state, and zip code)
- Elements of dates
- Telephone numbers
- Fax numbers
- E-mail address
- Social Security numbers
- Medical record, prescription numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- VIN, serial numbers, license plate numbers
- Device identifiers, serial numbers
- Web URLs
- IP addresses
- Biometric identifiers (fingerprints)
- Full face, comparable photo images
- Unique identifying numbers

PHI data can be “de-identified” for use within research or other related projects.
To prepare for this Discussion, search the Internet for more information on PHI as can be found at the following Web sites:
Also search the Internet for the principles and values of medical ethics, such as those found on the American Medical Association Principles of Medical Ethics Web site. Research the laws and regulations that require care providers to override patient confidentiality and privacy rights, as is the case in New York for communicable diseases (for more information on this, see the New York State Department of Health Web site).
For this Discussion:
- Comment on the types of identifiers and consider their stratification based upon risk to the patient as a result of non-consensual disclosure.
- Discuss the ramifications concerning unauthorized disclosure of a patient’s PHI.
- Discuss how the principles of medical ethics apply to unauthorized disclosure.
- Describe measures that are commonly taken to assure both privacy and security concerning a patient’s PHI, and their rationale.