Privacy Rule De-Identifiers
The HIPAA Privacy Rule provides two ways to de-identify information:
- A formal determination by a qualified statistician; or
- The removal of 18 specified identifiers of the individual and the individual's relatives, household members, and employers, and the covered entity has no actual knowledge that the remaining information could be used to identify the individual. The identifiers are:
- Names
- All geographic subdivisions smaller than a state, including country, city, street address, precinct, zip code*, and their equivalent geocodes
- All elements of dates (except year) directly related to an individual; all ages >89 and all elements of dates (including year) indicative of such age (except for an aggregate into a single category of age >90)
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social Security numbers
- Medical record numbers
- Health-plan beneficiary numbers
- Account numbers
- Certificate and license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Medical device identifiers and serial numbers
- Internet universal resource locators (URLs)
- Internet protocol (IP) addresses
- Biometric identifiers including fingerprints and voice prints
- Full-face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code, except that covered identities may, under certain circumstances, assign a code or other means of record identification that allows de-identified information to be re-identified.
Source: HHS.gov
*Zip code note: The first three digits of a zip code are excluded from the PHI list if the geographic unit formed by combining all zip codes with the same first three digits contains >20,000 persons. - [45 CFR 164.514(b)(2)(i)]