ChartRequest - Logo - Color
Close this search box.

What are the 18 Identifiers of Protected Health Information?


In 1996, the Department of Health and Human Services (HHS) passed the Health Insurance Portability and Accountability Act (HIPAA). This legislation changed the way healthcare providers could disclose patient information. 

Today, HIPAA requires covered entities and their business associates to protect all individually identifiable health information (IIHI). There’s also personally identifiable information (PII), which is synonymous with IIHI.

If you’d like to read more about HIPAA, click here.

There are 18 identifiers that determine whether individually identifiable health information is also protected health information. Before we discuss PHI, let’s briefly cover (IIHI).


Passed in 2000, the HIPAA Privacy Rule protects all individually identifiable health information (IIHI) from unauthorized use or disclosure by covered entities or their business associates. Whether these professionals share this information electronically, physically, or even orally, they must protect it.

Need to brush up on the Privacy Rule? Click here to learn more!

So what counts as individually identifiable health information? HHS defines IIHI as any information related to:

  1. Any of the individual’s mental health or condition details
  2. Any of the individual’s healthcare details
  3. Payment details for the individual’s care
  4. Information that can identify the individual

When comparing protected health information and individually identifiable health information, think of squares and rectangles. All PHI is also IIHI, but not all IIHI is PHI. You can determine whether any information is PHI or IIHI by checking the 18 identifiers of PHI defined by HHS.


Safeguarding protected health information is a key objective of HIPAA. As such, HHS needed to define what specifically constitutes PHI. 

If IIHI contains at least one of the following details, HHS considers it PHI:

  1. Name: The name(s) of relatives, friends, or anybody else with a connection to the individual.
  2. Address: Any address elements smaller than state.
  3. Dates: Any element of the individual’s notable dates such as date of birth, admission, discharge, death, and exact age if 90 or older.
  4. Telephone Number(s): Any current or previous phone numbers.
  5. Fax Number(s): Any current or previous fax numbers.
  6. Email Address(es): Any current or previous email addresses.
  7. Social Security Number: The individual’s complete or partial SSN.
  8. Medical Record Number: The number your facility assigned the individual.
  9. Health Plan Beneficiary Number: The number assigned to the individual by their health plan.
  10. Account Number(s): Numbers assigned to the individual for any of their accounts.
  11. Certificate or License Number: Any number listed on a certification or license, such as their driver’s license.
  12. Vehicle Identifiers: Information that identifies the individual’s car, such as serial numbers and license plate numbers.
  13. Device Identifiers: Information that identifies the individual’s device, such as serial numbers.
  14.  Web URL: The Uniform Resource Locator (URL) of the individual’s website(s).
  15.  IP Address: The Internet Protocol (IP) Address the individual uses to connect to the internet.
  16.  Biometric Identifiers: The patient’s unique biological characteristics such as fingerprint, voice print, and facial recognition details.
  17.  Photographic Images: Any photograph of the individual, including those that don’t show their face. 
  18.  Other: Any other uniquely characteristic, code, or number that can identify the individual.


When covered entities, business associates, or patients leak protected health information, HIPAA penalties aren’t the only risk. Cybercriminals worldwide stand to gain from using the sensitive information housed in health records.

Whether this information is shared maliciously, used to steal the patient’s identity, or sold illegally, the ramifications of a records breach can be devastating. That’s why ChartRequest prioritizes the security of protected health information.

By exchanging records online with ChartRequest, you can avoid major threat vectors used by hackers, phishers, and other cybercriminals. Click here to learn more about threat vectors in healthcare.

With specialized dashboards for patients, healthcare professionals, and non-healthcare professionals, we’ve created a one-size-fits-all approach to medical record exchange. Additionally, we have unique options for each version so everyone on ChartRequest gets the exact service they need.

Medical record exchange doesn’t need to be complicated. Take the first step, sign up for your ChartRequest account today, and take the secure, compliant release of information into your own hands.

6 Types of Healthcare Audits For Insurance Companies
Healthcare audits are an essential part of maintaining fairness and accountability as a payor in the healthcare industry.
How Can ERP Insurance Optimize Risk Management?
ERP insurance coverage offers protection from financial losses for a limited period after an existing coverage plan expires.
Leverage Medical Records For Mass Tort Payouts
Mass tort payouts can be massive, but they often require quick and accurate access to your clients' medical records.
Hackensack Meridian Health Penalized $100K For Medical Records Right of Access Penalty
Hackensack Meridian Health, also known as Essex Residential Care, recently faced a $100,000 penalty for Right of Access failure.
What Is the Epic Vs. Particle Health Dispute Regarding Carequality?
The dispute between Epic vs. Particle Health has healthcare professionals split, and this article provides an unbiased breakdown.
Mass Tort Litigation Guide for Personal Injury Attorneys
Mass tort litigation can be a practical way to pursue compensation for numerous personal injury and medical malpractice claimants.

Want to Stay Updated?

Subscribe to our newsletter to learn:

  • Tips to Ensure Compliance
  • Strategies for ROI Success
  • Relevant Healthcare News

We respect your inbox, so we’ll only reach out to share high-quality content.

Sign Up for Automated Care Coordination Updates!

Our automated care coordination and referral management solution is coming soon!
If you’d like to be the first to learn new information and find out when it’s ready, please fill out this form:
This field is for validation purposes and should be left unchanged.