Protected health information is considered individually identifiable if it includes

"Individually identifiable health information" is information that relates to:
1. the individual's past, present or future physical or mental health or condition,
2. the provision of health care to the individual, or
3. the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
- Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).


The HIPAA privacy rule sets forth policies to protect all individually identifiable health information that is held or transmitted.
When personally identifiable information is used along with a physical or mental health or condition, health care, or one’s payment for that health care, it becomes Protected Health Information (PHI).

Individually Identifiable Information elements are protected by HIPAA Laws.

These are the 18 HIPAA Identifiers that are considered personally identifiable information and can be used to identify, contact, or locate a single person or can be used with other sources to identify a single individual.

  • Name
  • Address (all geographic subdivisions smaller than the state, including street address, city-county, and zip code)
  • All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
  • Telephone numbers
  • Fax number
  • Email address
  • Social Security Number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate or license number
  • Any vehicle or other device serial number
  • Web URL
  • Internet Protocol (IP) Address
  • Finger or voice print
  • Photographic image – Photographic images are not limited to images of the face.
  • Any other characteristic that could uniquely identify the individual.

These identifiers must be treated with special care.

Source: https://www.luc.edu/its/itspoliciesguidelines/hipaainformation/18hipaaidentifiers/



What Health Information Is Protected by the Privacy Rule?


Key Points:
  • With certain exceptions, the Privacy Rule protects a subset of individually identifiable health information, known as protected health information or PHI, that is held or maintained by covered entities or their business associates acting for the covered entity.
  • The Privacy Rule does not protect individually identifiable health information that is held or maintained by entities other than covered entities or business associates that create, use, or receive such information on behalf of the covered entity.

To understand the possible impact of the Privacy Rule on their work, researchers will need to understand what individually identifiable health information is and is not protected under the Rule. With certain exceptions, the Privacy Rule protects a certain type of individually identifiable health information, created or maintained by covered entities and their business associates acting for the covered entity. This information is known as "protected health information" or PHI.

The Privacy Rule defines PHI as individually identifiable health information, held or maintained by a covered entity or its business associates acting for the covered entity, that is transmitted or maintained in any form or medium (including the individually identifiable health information of non-U.S. citizens). This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse. For purposes of the Privacy Rule, genetic information is considered to be health information.

There are, however, instances when individually identifiable health information held by a covered entity is not protected by the Privacy Rule. The Rule excludes from the definition of PHI individually identifiable health information that is maintained in education records covered by the Family Educational Rights and Privacy Act (as amended, 20 U.S.C. 1232g) and records described at 20 U.S.C. 1232g(a)(4)(B)(iv), and employment records containing individually identifiable health information that are held by a covered entity in its role as an employer.

A critical point of the Privacy Rule is that it applies only to individually identifiable health information held or maintained by a covered entity or its business associate acting for the covered entity. Individually identifiable health information that is held by anyone other than a covered entity, including an independent researcher who is not a covered entity, is not protected by the Privacy Rule and may be used or disclosed without regard to the Privacy Rule. There may, however, be other Federal and State protections covering the information held by these entities that limit its use or disclosure.

When health information is individually identifiable and is held by a covered entity, it is likely to be PHI. In contrast, the HHS Protection of Human Subjects Regulations describe "private information" as including information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public (for example, a medical record). Under the HHS Protection of Human Subjects Regulations, private information must be individually identifiable (i.e., the identity of the subject is or may readily be ascertained by the investigator or associated with the information) in order for obtaining the information to constitute research involving human subjects unless data are obtained through intervention or interaction with the individual.

Area of Distinction: Identifiable Information

  • HIPAA Privacy Rule: Defines PHI as individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates, excluding certain educational and employment records.
  • HHS Protection of Human Subjects Regulations, Title 45 CFR Part 46: Private information must be individually identifiable in order for obtaining the information to constitute research involving human subjects. Individually identifiable means the identity of the subject is or may readily be ascertained by the investigator or associated with the information.
  • FDA Protection of Human Subjects Regulations, Title 21 CFR Parts 50 and 56: Title 21 CFR Parts 50 and 56 do not define individually identifiable health information.

What are considered individually identifiable health information?

“Individually identifiable health information” is information, including demographic data, that relates to: the individual's past, present or future physical or mental health or condition, the provision of health care to the individual, or.

What items are considered protected health information?

Protected health information (PHI) is the demographic information, medical histories, laboratory results, physical records, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and determine appropriate care.

What is not individually identifiable health information?

If the information is not individually identifiable, such as healthcare research information that only identifies a particular population, not individuals, then it is not protected by HIPAA. In research, this can get complicated, and further inquiry should be made when seeking a determination on a small population.

What does individually identifiable mean?

Individually identifiable means that the Medical Information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the patient's name, address, electronic mail address, telephone number, or social security number, or other information that, ...