Email subject line “no-no’s”
Below are the 18 PHI Identifiers designated in the HIPAA Privacy Rule § 164.514(b)(2). These
must not be used in email subject lines. These refer not only to the patient, but also to the
“relatives, employers, or household members of the individual.”
•
Names (including any part of the patient’s name or initials)
•
County, City or ZipCode
•
Dates (all elements of dates related to an individual) including:
–
Birth Date
–
Age
–
Admission Date
–
Discharge Date
–
Death Date
•
•
•
•
•
•
•
•
•
Telephone numbers
•
Fax numbers
•
Email addresses
•
Social Security Numbers
•
Medical record numbers (this would include Meditech and Athena
Numbers as well as V Numbers)
•
Health Plan Beneficiary Numbers (this would include any
insurance ID number, Medicaid ID, CHIP or STAR ID number)
•
Account numbers
Certificate or License Numbers
Vehicle identifiers and serial numbers, including license plate
numbers
Device identifiers and serial numbers (this would include any
electronic medical equipment, durable medical equipment,
implants, orthotics, or prosthesis)
Web Universal Record Locators (URLs)
Internet Protocol (IP) addresses
Biometric identifiers, including finger and voice prints
Full-face photographs and any comparable images
Any other unique identifying number, characteristic, or code. This
would include:
–
–
–
–
–
–
Claim numbers
Transcription numbers
Transaction numbers
ICD , CPT, or other diagnostic codes
Donor/recipient IDs, or subject IDs
Sex, Age, Height, or Weight