Check This List for Most Common HIPAA Identifiers

Posted on 7 Nov, 2015 |comments_icon 1|By Chris Boucher

UC Berkeley IDs its interpretation of identifiers.

When you’re facing the wrath of auditors – or worse – it’ll be too late to know what constitutes a HIPAA data breach and what doesn’t.

Good news: There are 18 “identifiers” that the feds feel constitute a HIPAA breach, according to the University of California, Berkeley Research Administration and Compliance Office (RAC).

Get ahead of the curve with this quick trip down data breach lane, replete with the identifiers the feds look at most closely when considering HIPAA violations.

Keep an Eye on These Potential Breach Areas

According to RAC, these are the areas medical offices should be most concerned about when protecting their patients’ HIPAA rights:

(NOTE: This is not a comprehensive list of “identifiers;” these are merely the areas that most affect patients’ privacy concerns, as opposed to staff and business associates.)

  1. Patient name
  2. Patient address. This includes street address, city, county, precinct, zip code and other information in certain situations, according to RAC.
  3. Dates (except year) that relate to a patient. This includes, but is not limited to: birth date, any medical service admission/discharge dates and date of death.
  4. Patient phone number(s)
  5. Patient fax number(s)
  6. Patient email address(es)
  7. Patient Social Security number
  8. Patient medical record number
  9. Patient health plan beneficiary number
  10. Any other patient account number(s)

Also, if your practice codes patient information to protect privacy and then uses it in datasets, there are separate standards, RAC reports.

See also: Keep Feds Abreast Of All HIPAA Breaches

“Any code used to replace the identifiers in datasets cannot be derived from any information related to the individual and the master codes,” according to RAC.

Example: You cannot use a patient’s initials to code her data because the initials are derived from the patient’s name.

Best bet: Make sure you don’t have any holes in your HIPAA compliance. Check out the full list of HIPAA identifiers at


Chris Boucher

Chris Boucher has nearly 10 years of experience writing various newsletters and other products for The Coding Institute. His blog will cover several areas of coding and compliance, including CPT® coding, modifiers, HIPAA compliance and ICD-10 coding.

More from this author

View More

One thought on “Check This List for Most Common HIPAA Identifiers

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter Signup