18 HIPAA Identifiers
A practical guide to the 18 HIPAA identifiers and how healthcare teams can use them as a screening list when reviewing workflows and tools.
Short answer
The 18 HIPAA identifiers are the fastest practical screening list for deciding whether a workflow contains identifiable patient data. If a spreadsheet, form, export, or note includes one or more of these identifiers together with health context, treat the workflow as sensitive.
Common HIPAA identifiers teams miss
Healthcare teams often remember names and phone numbers, but miss:
- dates tied to the individual
- email addresses
- medical record and account numbers
- device or serial identifiers
- full-face photos and similar images
How to use the 18 HIPAA identifiers
Use the list when reviewing:
- intake forms
- spreadsheet trackers
- drive folders
- exported reports
- AI prompts
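The screening rule above (an identifier plus health context means the workflow is sensitive), applied to a spreadsheet export. This is an added example, not part of the original article: the regexes, header keywords, function name, and sample rows are assumptions constructed for illustration, and it covers only the identifier types this page names that can be spotted in text.

```python
import csv
import io
import re

# Heuristic value patterns (assumptions for this sketch, not a regulatory definition).
VALUE_PATTERNS = {
    "email address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone number": re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b"),
    "date tied to the individual": re.compile(r"\b(?:\d{4}-\d{2}-\d{2}|\d{1,2}/\d{1,2}/\d{2,4})\b"),
}
# Header keywords for identifiers whose values have no reliable shape.
HEADER_HINTS = {
    "name": ("name",),
    "medical record or account number": ("mrn", "medical record", "account", "acct"),
    "device or serial identifier": ("device", "serial"),
    "date tied to the individual": ("dob", "birth", "admit", "discharge"),
}
# Column names that suggest health context (assumed keyword list).
HEALTH_CONTEXT = ("diagnosis", "dx", "medication", "procedure", "lab", "treatment", "visit reason")

# Constructed sample export; every value is fictional.
SAMPLE_EXPORT = """patient name,contact,mrn,device serial,visit date,diagnosis
Jane Example,jane@example.org,MRN-000123,SN-A1B2C3,2024-03-14,asthma
John Sample,555-555-0100,MRN-000456,SN-D4E5F6,2024-03-15,migraine
"""

def screen_csv(text):
    """Return ({identifier category: columns}, health-context columns, sensitive flag)."""
    rows = list(csv.reader(io.StringIO(text)))
    headers = [h.strip().lower() for h in rows[0]] if rows else []
    found = {}
    for col, header in enumerate(headers):
        # Header match: catches columns such as "mrn" or "device serial".
        for category, hints in HEADER_HINTS.items():
            if any(hint in header for hint in hints):
                found.setdefault(category, set()).add(header)
        # Value match: catches identifiers hiding in generically named columns.
        for row in rows[1:]:
            cell = row[col] if col < len(row) else ""
            for category, pattern in VALUE_PATTERNS.items():
                if pattern.search(cell):
                    found.setdefault(category, set()).add(header)
    context = [h for h in headers if any(k in h for k in HEALTH_CONTEXT)]
    # The page's rule: one or more identifiers plus health context.
    return found, context, bool(found) and bool(context)

if __name__ == "__main__":
    identifiers, context, sensitive = screen_csv(SAMPLE_EXPORT)
    for category, columns in sorted(identifiers.items()):
        print(f"{category}: {sorted(columns)}")
    print("health context:", context, "| sensitive:", sensitive)
```

A clean result only means these heuristics found nothing; names in free text and full-face photos still need a human review.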