What Does HIPAA Protect?

The Health Insurance Portability and Accountability Act of 1996 is a set of standards that healthcare organizations must comply with, but what does HIPAA protect?

HIPAA introduced rules that govern the uses and disclosures of health information (the HIPAA Privacy Rule) and physical, technical, and administrative safeguards that must be implemented to ensure the confidentiality, integrity, and availability of health information (the HIPAA Security Rule). Essentially, these two aspects of HIPAA protect the privacy of patients and health plan members.

HIPAA also helps protect patients from harm. In the event that health information is exposed, stolen, or impermissibly disclosed, patients and health plan members must be informed of the breach to allow them to take action to protect themselves from harm, such as identity theft and fraud.

What is Protected Under HIPAA Law?

The types of information protected under HIPAA include all health information created, used, maintained, or transmitted by a HIPAA-covered entity or a business associate of a HIPAA-covered entity for treatment purposes, payment for healthcare services, or healthcare operations.

Health information includes diagnoses, treatment information, test results, medications, health insurance ID numbers, and all other identifiers that allow a patient to be identified. HIPAA also covers contact information including telephone numbers, addresses, email addresses, dates of birth, and demographic information.

Any health data collected, stored, used, or transmitted by a HIPAA-covered entity that contains one of the 18 identifiers below must be safeguarded at all times, and the allowable uses and disclosures of such information are extremely limited. Generally speaking, uses and disclosures are restricted to healthcare operations, the provision of treatment, or payment for healthcare.

The exception is when a prior HIPAA authorization has been obtained from a patient, granting permission to provide that individual’s health information to a third party or to use the information for a reason not otherwise allowed by the HIPAA Privacy Rule, or when the health information has been stripped of all 18 of the identifiers listed below.

Personal Identifiers Under HIPAA

  1. Names (Full name or last name and first initial)
  2. Geographical identifiers
  3. Dates (other than year) directly related to an individual
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers
  13. Device identifiers and serial numbers
  14. Website URLs
  15. IP address numbers
  16. Biometric identifiers
  17. Full face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.