De-identification of Patient Information

The page below is a sample from the LabCE course Ethics and Code of Conduct in Healthcare. Access the complete course and earn ASCLS P.A.C.E.-approved continuing education credits by subscribing online.

Learn more about Ethics and Code of Conduct in Healthcare (online CE course)
De-identification of Patient Information

Sometimes an individual's health information and data are important for comparative effectiveness studies, research, policy assessments, and other uses. However, the HIPAA Privacy Rule prohibits the use of protected health information (PHI) without authorization by the individual. Therefore, the health information must be de-identified before it is used. Patient information that is de-identified is no longer considered PHI. To become de-identified, all identifiers of the individual or of relatives, employers, or household members of the individual must be removed, including:
  • Names
  • Geographic subdivisions smaller than a state
  • All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all specific ages over 89 (it is acceptable to aggregate into a single category of "age 90 or older")
  • Telephone and fax numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Device identifiers and serial numbers
  • Email and web addresses (URLs)
  • Social security numbers
  • Medical record numbers
  • Biometric identifiers, including finger and voice prints
  • Health plan beneficiary numbers
  • Full face photographs and comparable images
  • Account numbers
  • Any other unique identifying number, characteristic, or code (unless it is a code issued by the health care facility to re-identify information that was de-identified for a specific purpose).
  • Certificate/license numbers
Reference: Guidance regarding methods for de-identification of protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Available at: Accessed August 20, 2019.