Workshop on Therapist Licensing
Engage with the community and share your thoughts.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law requiring national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. AutoNotes does not permit the user to utilize proper nouns, including names or identifiers. Below is a description of what determines HIPAA-identifying information that must be protected and, thus, compliant.
Health-related information not considered Protected Health Information (PHI) is personally identifiable information but not associated with or derived from a healthcare service event (such as treatment, payment, operations, or medical records) and not entered into the medical records. This type of information is called “research health information” (RHI) and is not subject to HIPAA regulations, although other human subjects protection regulations may still apply.Examples of research using only RHI and not subject to HIPAA include:
- Use of aggregated (non-individual) data.
- Diagnostic tests from which results are not entered into the medical record and are not disclosed to the subject.
- Testing conducted without any PHI identifiers.
- Additionally, health information without the 18 identifiers specified by HIPAA is not considered PHI. For example, a dataset containing only vital signs without identifiers does not constitute PHI. However, if the dataset includes an identifier such as a medical record number, then the entire dataset is considered PHI and must be protected.
The 18 identifiers considered as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) regulations are:
- All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, with certain exceptions for the initial three digits of a zip code based on population size.
- All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89; any elements of dates (including year) indicative of such age can be aggregated into a single category of age 90 or older.
- Phone numbers
- Fax numbers
- Electronic mail addresses
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code, except as permitted by law.
These identifiers must be removed or managed appropriately to protect individuals’ privacy and security when handling their health information. Autonotes.ai is designed to develop compliant notes.
AutoNotes does not utilize any re-identification processes, does not allow the use of identifiable data such as names or record numbers, and does not store or use any input data to market or sell data. Personal data for your profile and account status is for billing purposes only.