February 26, 2024

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law restricting access to individuals’ private medical information. That much, I’m sure, our readers already knew.

But you might be surprised at how much confusion remains about what constitutes “private medical information.” Based on discussions with others in our field, we’re not sure what most respondents would say if we polled providers and coders on whether the medical record number is a component of HIPAA. A new year provides a good opportunity for a quick review, since we deal with HIPAA-related issues daily.

So, what bits of data come to mind when you think of HIPAA? Patient names? Date of birth? Social Security numbers? All three of these require protection. However, 15 other pieces of information are also covered under HIPAA. Here’s the complete list from the U.S. Department of Health and Human Services:

  • Patient names
  • Geographical elements (such as a street address, city, county, or zip code)
  • Dates related to the health or identity of individuals (including birthdates, date of admission, date of discharge, date of death, or exact age of a patient older than 89)
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers
  • Device attributes or serial numbers
  • Digital identifiers, such as website URLs
  • IP addresses
  • Biometric elements, including finger, retinal, and voiceprints
  • Full-face photographic images
  • Other identifying numbers or codes1


All of the above are private information and should be treated with care. If you are sending out confidential information, remember that it always should be encrypted. Discussion of patients and patients’ information is also a HIPAA violation if it occurs in public areas, so be careful of your surroundings. Remember not to discuss a patient’s care or treatment in hallways, elevators, or other places where it might be overheard. And if you’re not sure whether certain information is protected under HIPAA, follow this one general rule: Err on the side of caution.

Don’t miss our “Ask the Experts” Q&A webinar on March 27!

Click here to register: https://zoom.us/webinar/register/WN_DR96lTB4QVWgI5b2wxmKuw
If you have an E/M coding question you’d like our experts to address during the webinar, please submit it here: https://survey.hsforms.com/1AI9VoMe-SK6MSUuAypFnmgnig0s


Got a question about E/M coding? We’d love to hear from you. Submit your questions by emailing us at coders@calmwatersai.com


Download PDF

Michelle Sergei-Casiano
Michelle Sergei-Casiano
Michelle Sergei-Casiano
Senior Manager, Regulatory and Coding Compliance