A list of 18 identifiers was created in 1996 by the US Health Insurance Portability and Accountability Act (HIPAA) to represent protected health information (PHI). PHI is any information that can be used to identify an individual and that was created, used, or disclosed during a patient-physician encounter.
In contrast, personal identifiers, such as name and address, are not considered to be PHI unless they are associated with or derived from a health-care service event. In addition, health information by itself without the 18 identifiers is not considered to be PHI. For example, a dataset that contains only patient vital signs or blood pressure readings would not be PHI. The identifiers that HIPAA established are:
Names
Geographic information (including city, state, and zip code)
Elements of dates
Telephone numbers
Fax numbers
E-mail address
Social Security numbers
Medical record, prescription numbers
Health plan beneficiary numbers
Account numbers
Certificate/license numbers
VIN, serial numbers, license plate numbers
Device identifiers, serial numbers
Web URLs
IP addresses
Biometric identifiers (finger prints)
Full face, comparable photo images
Unique identifying numbers
PHI data can be “de-identified” for use within research or other related projects.
To prepare for this Discussion, search the Internet for more information on PHI as can be found at the following Web sites:
https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-
identification/index.html
https://hipaa.com/hipaa-protected-health-information-what-does-phi-include/
https://privacyruleandresearch.nih.gov/healthservicesprivacy.asp
Also search the Internet for the principles and values of medical ethics as can be found at the Web site, American Medical Association Principles of Medical Ethics. Research the laws and regulations that require care providers to override patient confidentiality and privacy rights, such as is the case in New York for communicable diseases (for more information on this, see the New York State Department of Health Web site).
For this Discussion:
Comment on the types of identifiers and consider their stratification based upon risk to the patient as a result of non-consensual disclosure.
Discuss the ramifications concerning unauthorized disclosure of a patient’s PHI.
Discuss how the principles of medical ethics apply to unauthorized disclosure.
Write a page paper – Describe measures that are commonly taken to assure both privacy and security concerning a patient’s PHI, and their rationale.
