We developed our Data Classification Reference Guide to help you determine the level of protection for different types of data and the storage option that would be appropriate for that classification. View the Guide
Data Classification
The following 18 data elements must be removed for data to be considered de-identified.
1. Names
2. All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP Code, and equivalent geographical codes, except for the initial three digits of a ZIP Code if, according to the current publicly available data from the Bureau of the Census:
- The geographic unit formed by combining all ZIP Codes with the same three initial digits contains more than 20,000 people
- The initial three digits of a ZIP Code for all such geographic units containing 20,000 or fewer people are changed to 000.
3. All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP Code, and equivalent geographical codes, except for the initial three digits of a ZIP Code if, according to the current publicly available data from the Bureau of the Census:
- The geographic unit formed by combining all ZIP Codes with the same three initial digits contains more than 20,000 people
- The initial three digits of a ZIP Code for all such geographic units containing 20,000 or fewer people are changed to 000.
4. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
5. Telephone numbers
6. Facsimile numbers
7. Electronic mail addresses
8. Social security numbers
9. Medical record numbers
10. Health plan beneficiary numbers
11. Account numbers
12. Certificate/license numbers
13. Vehicle identifiers and serial numbers, including license plate numbers
14. Device identifiers and serial numbers
15. Web universal resource locators (URLs)
16. Internet protocol (IP) address numbers
17. Biometric identifiers, including fingerprints and voiceprints
18. Full-face photographic images and any comparable images
Any other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for re-identification.
A limited data set is described as health information that excludes certain, listed direct identifiers, but that may include city; state; zip code; elements of date; and other numbers, characteristics, or codes not listed as direct identifiers. The direct identifiers listed in the Privacy Rule's limited data set provisions apply both to information about the individual and to information about the individual's relatives, employers, or household members. The following identifiers must be removed from health information if the data are to qualify as a limited data set:
- Names
- Postal address information, other than town or city, state, and ZIP Code
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web universal resource locators (URLs)
- Internet protocol (IP) address numbers
- Biometric identifiers, including fingerprints and voiceprints
- Full-face photographic images and any comparable images