What Types Of Data Does HIPAA Protect?

May 23, 2022
Share on:

As HIPAA compliance and data teams collaborate to ensure proper compliance protocols are properly established, they must account for what PHI data is required to be protected.

With the right data protection platform, data teams should be able to filter and set up rules for protecting and accessing various data types rather than locking all of it down. So, if you’re already up to speed and interested in learning more, read on to find out what types of data HIPAA protects, and how advanced data protection solutions can help you stay on top of your HIPAA compliance obligations.

If you’re unfamiliar with the five main provisions of HIPAA, you might want to read our latest blog before moving forward.

Let’s dive in. 

The 18 Data Types

HIPAA specifies 18 data types that constitute PHI. If a document contains any of these identifiers—or even parts of the identifier—that document becomes subject to HIPAA rules. The data types in question are:

  • Names
  • Medical record numbers
  • Social Security numbers
  • Dates (not including year)
  • Telephone numbers
  • IP addresses
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers
  • Geographic data
  • Unique identifying numbers or codes
  • FAX numbers
  • Email addresses
  • Account numbers
  • Health plan beneficiary numbers
  • Web URLs
  • Device identifiers and serial numbers
  • Full face photos and similar images
  • Biometric identifiers, including fingerprints and retinal scans

It’s important to note that the HIPAA privacy rule also protects the sensitive data of deceased people for 50 years following their death, so organizations that take care of PHI need to take the necessary precautions even when handling or disposing of historical data.

How Can We Possibly Keep Track Of All That?

Fair question. Even if you’re a medium-sized business with a relatively low number of customers, keeping track of all that PHI—for every customer or patient you’ve ever come into contact with—might seem like a daunting task. If you’re a large business, the challenge is multiplied. But with an advanced, end-to-end data privacy solution, you can maximize efficiency and innovation while minimizing your compliance headaches. All you need to do is choose the right tools.

What To Look Out For

If you integrate a platform that offers authorized, role-based data access, you can make your PHI simple to use in the right hands, and almost impenetrable in the wrong ones. 

But it’s not enough to deploy a set of tools that are effective today. Because of the evolving nature of HIPAA, it’s vital to find a solution that evolves with the regulations—so you can stay compliant no matter what.

The PHI protection solutions you use also need to be compatible with your legacy software, applications, and complex dataset integrations. Otherwise, you could slow down or cripple your efforts to access and analyze healthcare analytics—decreasing efficiency and ultimately affecting the patient experience. This means it’s vital to explore whether the platform you choose has the compatibility capabilities to integrate with almost any legacy system.

Where Do We Come In?

When it comes to data access, Protegrity understands the need to combine accessibility with flexibility. With us in your corner, you can unleash the full potential of your data—giving you the foothold you need to gain an advantage over your competitors while staying HIPAA compliant. It’s time to start making the most of your data and improve patient outcomes with sensitive data protection for analytic and operational initiatives. Schedule a demo today to find out exactly how we can help you.