ChartRequest Logo

+1 (888) 895-8366

In 1996, the Department of Health and Human Services (HHS) passed the Health Insurance Portability and Accountability Act (HIPAA). This legislation changed the way healthcare providers could disclose patient information. 

Today, HIPAA requires covered entities and their business associates to protect all individually identifiable health information (IIHI). There’s also personally identifiable information (PII), which is synonymous with IIHI.

If you’d like to read more about HIPAA, click here.

There are 18 identifiers that determine whether individually identifiable health information is also protected health information. Before we discuss PHI, let’s briefly cover (IIHI).


Passed in 2000, the HIPAA Privacy Rule protects all individually identifiable health information (IIHI) from unauthorized use or disclosure by covered entities or their business associates. Whether these professionals share this information electronically, physically, or even orally, they must protect it.

Need to brush up on the Privacy Rule? Click here to learn more!

So what counts as individually identifiable health information? HHS defines IIHI as any information related to:

  1. Any of the individual’s mental health or condition details
  2. Any of the individual’s healthcare details
  3. Payment details for the individual’s care
  4. Information that can identify the individual

When comparing protected health information and individually identifiable health information, think of squares and rectangles. All PHI is also IIHI, but not all IIHI is PHI. You can determine whether any information is PHI or IIHI by checking the 18 identifiers of PHI defined by HHS.


Safeguarding protected health information is a key objective of HIPAA. As such, HHS needed to define what specifically constitutes PHI. 

If IIHI contains at least one of the following details, HHS considers it PHI:

  1. Name: The name(s) of relatives, friends, or anybody else with a connection to the individual.
  2. Address: Any address elements smaller than state.
  3. Dates: Any element of the individual’s notable dates such as date of birth, admission, discharge, death, and exact age if 90 or older.
  4. Telephone Number(s): Any current or previous phone numbers.
  5. Fax Number(s): Any current or previous fax numbers.
  6. Email Address(es): Any current or previous email addresses.
  7. Social Security Number: The individual’s complete or partial SSN.
  8. Medical Record Number: The number your facility assigned the individual.
  9. Health Plan Beneficiary Number: The number assigned to the individual by their health plan.
  10. Account Number(s): Numbers assigned to the individual for any of their accounts.
  11. Certificate or License Number: Any number listed on a certification or license, such as their driver’s license.
  12. Vehicle Identifiers: Information that identifies the individual’s car, such as serial numbers and license plate numbers.
  13. Device Identifiers: Information that identifies the individual’s device, such as serial numbers.
  14.  Web URL: The Uniform Resource Locator (URL) of the individual’s website(s).
  15.  IP Address: The Internet Protocol (IP) Address the individual uses to connect to the internet.
  16.  Biometric Identifiers: The patient’s unique biological characteristics such as fingerprint, voice print, and facial recognition details.
  17.  Photographic Images: Any photograph of the individual, including those that don’t show their face. 
  18.  Other: Any other uniquely characteristic, code, or number that can identify the individual.


When covered entities, business associates, or patients leak protected health information, HIPAA penalties aren’t the only risk. Cybercriminals worldwide stand to gain from using the sensitive information housed in health records.

Whether this information is shared maliciously, used to steal the patient’s identity, or sold illegally, the ramifications of a records breach can be devastating. That’s why ChartRequest prioritizes the security of protected health information.

By exchanging records online with ChartRequest, you can avoid major threat vectors used by hackers, phishers, and other cybercriminals. Click here to learn more about threat vectors in healthcare.

With specialized dashboards for patients, healthcare professionals, and non-healthcare professionals, we’ve created a one-size-fits-all approach to medical record exchange. Additionally, we have unique options for each version so everyone on ChartRequest gets the exact service they need.

Medical record exchange doesn’t need to be complicated. Take the first step, sign up for your ChartRequest account today, and take the secure, compliant release of information into your own hands.

7 Benefits Pediatric Partners Experience With ChartRequest
Our pediatric partners streamline release of information compliance to help them prioritize providing excellent care for young patients.
Pediatric Clinic Best Practices for Sharing Medical Records in 2024
Pediatric clinics handle very sensitive information that requires careful handling, and release of information software can help.
5 Benefits of ROI Software for Orthopedics and Sports Medicine
Orthopedics and sports medicine often receive high volumes of records requests, and modern ROI solutions can help your team keep up.
Streamline Medical Image Exchange in 2024
Medical image exchange has had an interesting history, and release of information software has yet again revolutionized the process.
Does Your Orthopedic Center Still Use CDs?
CDs have a long history of use in healthcare, but orthopedic centers are upgrading to better digital options for sharing imaging records.
Top 5 Reasons Medical Imaging Specialists Need an ROI Solution
Specialists in medical imaging have long struggled with releasing imaging records, but release of information solutions can make it easier.

Want to Stay Updated?

Subscribe to our newsletter to learn:

  • Tips to Ensure Compliance
  • Strategies for ROI Success
  • Relevant Healthcare News

We respect your inbox, so we’ll only reach out to share high-quality content.