HIPAA Requirements for Patient Cases De‐Identifiable Information
Protected Health Information that is “stripped” or “voided” of information that could reveal the identity of a patient. There are 18 items specified within the rules of HIPAA that are considered to be identifiable. Therefore, these items must be de‐identified when presenting the patient to persons other than those considered to be directly involved in that particular patient’s care. The list of 18 items that must be de‐identified is as follows:
- Geographic subdivisions: Street address, city, county, precinct, zip code (The first three numbers of a zip code are all right to include if the geographic unit formed by combining all zip codes with the same initial three numbers contains more than 20,000 people. If the geographic unit formed by combining all zip codes with the same initial three numbers contains 20,000 people or less, the first three digits must be changed to 000.)
- All elements of dates: Birth dates, admission date, discharge date, date of death, and all ages over 89, and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger and voice prints
- Full face photographic images, and any comparable images
- Any other unique identifying number, characteristic, or code
De‐identified patient information will be of most importance when you are making case presentations to people who are not directly involved in the presented patient’s health care. The following examples are given to illustrate the difference between using identifiable and de‐identified information.
Case presentation that includes identifiable patient information:
Mrs. Betty Jones is a 47 yo WF who lives in Gainesville, FL. She has a PMH significant for HTN, CHF and hyperlipidemia. She was admitted to Shands Hospital on May 3, 2003 for a CHF exacerbation. Mrs. Jones was then discharged from Shands Hospital on May 6, 2003, and will be scheduled for f/u appointments with Dr. Lemacher in the Cardiology Clinic, located in the Shands Medical Plaza.
Case presentation that includes de‐Identified Patient Information:
A female patient, 47 yo, was admitted to a local hospital for a CHF exacerbation. Pt has a PMH significant for HTN, CHF and hyperlipidemia. She was admitted to the hospital for three days and will be scheduled for f/u in local cardiology clinic.