What Counts as PHI in AI Prompts? 18 Identifiers

Practical guidance for healthcare teams and business associates

Since HIPAA has existed, it has managed a well-defined structure for what is considered protected health information, or PHI, thanks to the 18 identifiers of PHI.

Does HIPAA Allow PHI in AI Tools?

This happens to be government guidance that (gulp ... the terror! No way, really? Yes, way) is actually useful. That is, until, as only the government could do, you reach the bottom of your list of 18 identifiers of PHI and find a 19th identifier sandwiched in there.

The point ends up being a bit lost when the last of many bullet points in a long, legal list of requirements says...

"Yeah, yeah, I know. There's 18 really cleanly laid out explanations above me that many people worked hard on to structure in this efficient way, but I'm calling an audible! That's right, from here on out I'm the big kahuna around here because I take the wind out of each of your 18 identifier sails. I basically say - Drum Roll Please - 'That anything else not part of the 18 identifiers can still be reasonably used as, you guessed it, folks - An Identifier!!'"

Excuse me, I heard you but still must reply with at least a, "HUH?!" on that dumpster fire of bureaucracy. But I digress.


The 18 Identifiers of PHI Under HIPAA


The 18 identifiers of PHI, as defined under HIPAA, are:

  1. Names - Whether full name, or last name with initials.
  2. Geographic details - Any subdivision smaller than a state, including street addresses, cities, counties, and zip codes.
  3. Dates unique to the patient - All elements of dates (except year) that relate directly to the individual, such as birth dates, admission or discharge dates, and dates of death.
  4. Persons aged over 89 years - A limited enough segment of the population that they become their own identifier.
  5. Telephone numbers
  6. Fax numbers
  7. Email addresses
  8. Social Security numbers
  9. Medical record numbers
  10. Health plan beneficiary numbers
  11. Account numbers
  12. Certificate or license numbers
  13. Vehicle identifiers
  14. Device identifiers and serial numbers
  15. Web URLs
  16. IP addresses
  17. Biometrics - Fingerprints, voiceprints, and similar data.
  18. Images - Full-face photos and comparable images.

These identifiers come directly from the HIPAA Privacy Rule at 45 CFR 164.514(b)(2). If any one of them appears alongside health information, it is PHI. Period.

And then there is the catch-all. Any other unique identifying number, characteristic, or code. That is identifier number 19 hiding at the bottom of the list. It means that even if you strip out all 18 identifiers above, the combination of remaining details can still qualify as PHI if it could reasonably identify a person.

This is the part that matters for AI. Staff think removing a name makes data safe. HIPAA de-identification does not work that way.
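As an added illustration (not code from One Guy Consulting), here is a pre-submission scan for the regex-detectable subset of the 18 identifiers, run over a constructed prompt. Names, biometrics, images and the catch-all 19th identifier are beyond what a pattern match can find, so a clean result is a first-line check, not HIPAA de-identification.

```python
import re

# Patterns for the identifiers that have a machine-recognizable shape.
# Names (1), biometrics (17), images (18) and the catch-all (19) need
# NER or human review; nothing here claims to cover them.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone_or_fax": re.compile(r"(?<!\w)\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b"),
    "url": re.compile(r"\bhttps?://\S+", re.I),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "zip": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
    "date": re.compile(r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
    "mrn": re.compile(r"\b(?:MRN|medical record)[:# ]*\d{5,}\b", re.I),
    "age_over_89": re.compile(r"\b(?:9\d|1\d\d)[ -](?:year|yr)s?[ -]old\b", re.I),
}

# Constructed sample prompt; every value is fictitious.
SAMPLE_PROMPT = (
    "Please summarize this claim: Jane Doe, 92-year-old, MRN 4471823, "
    "DOB 03/14/1932, lives at zip 02134, phone (555) 123-4567, "
    "email jdoe@example.com, SSN 123-45-6789, seen for CHF on 2024-01-15."
)


def find_identifiers(text: str) -> dict[str, list[str]]:
    """Return {category: [matched strings]} for every pattern that hits."""
    hits = {}
    for name, pat in PATTERNS.items():
        found = [m.group(0) for m in pat.finditer(text)]
        if found:
            hits[name] = found
    return hits


def redact(text: str) -> str:
    """Replace each detected identifier with a [CATEGORY] token."""
    for name, pat in PATTERNS.items():
        text = pat.sub(f"[{name.upper()}]", text)
    return text


def has_direct_identifiers(text: str) -> bool:
    """True if any regex-detectable identifier is present. A False result
    does NOT mean the text is de-identified (names, catch-all remain)."""
    return bool(find_identifiers(text))


if __name__ == "__main__":
    for category, values in find_identifiers(SAMPLE_PROMPT).items():
        print(f"{category:13s} {values}")
    print(redact(SAMPLE_PROMPT))
```

Note that "Jane Doe" survives redaction untouched, which is exactly why a scan like this belongs in front of a reviewer, not in place of one.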

What This Looks Like in an AI Prompt

A made-up story to further the idea along in your mind's eye

You fell behind on sending in claims and plan to stay late to catch up. You know you shouldn't install software without Compliance Officer approval on your work computer, but if Claude can help with some of this work, everyone gets to go home and catch a warm dinner. So, you upload a few spreadsheets into Claude that contain PHI.

The next morning, as you sip your coffee on the way to your workstation, you notice a few police officers occupying your cubicle space. The window nearest your computer has been smashed and your work laptop was stolen before the perpetrator was apprehended.

"Did I ever fully turn my computer off last night when I left? I think I did, but I was so tired. Uh-oh," you think to yourself.

The officers inform you that, unfortunately, the computer did not ever fully power off. The light from the computer caught the burglar's attention. They swiped the laptop, and it now stands to reason that all that PHI in your Claude conversation is staring them in the face. It was the only application open besides the billing software. Oh no, that means this person just needs to scroll up in Claude to read your prompts and they will obtain all of these people's information.

See how this can go from moderately bad idea, to quite a bad idea, to possibly willful neglect that quickly?

This is exactly what a HIPAA risk assessment is supposed to catch before it happens. Devices that access PHI need disk-level encryption. Applications that touch PHI need a Business Associate Agreement. And staff need to know what counts as PHI in the first place.

What Your Staff Needs to Know

First, training is needed so the staff understands just what identifiers are. Most employees have never seen the list of 18. They assume PHI means a medical record or a lab result. It is much broader than that.

Second, it is vital to take extreme care when multi-tasking around PHI. This is how you hand someone the wrong medical record. Trust me, you don't need the headache.

Last, fess up to any mistakes that contributed to this incident immediately. This is one of those things where you're only in trouble when you don't tell us. A breach response plan only works when people report what happened.

Bottom Line

  • AI is still lacking nuance with regard to privacy and shouldn't be handed PHI without exhaustive model training beforehand.
  • Don't put PHI into an unapproved app on your work computer.
  • It probably won't be long before AI is engrained in the day-to-day of every healthcare worker's routine, but wait until your Compliance Officer tells you that day has come. Until then, try to only use such tools off-campus.
  • If you are not sure whether something counts as PHI, assume it does. Do not paste it into any AI tool.

Frequently asked questions about PHI in AI prompts

Does HIPAA ban the use of AI inside of systems which contain PHI?

Not explicitly. AI is a relatively new phenomenon, so it missed the year HIPAA was passed by a good three decades. However, part of the beauty of HIPAA being so confusing is thanks to its broad wording, it kind of functions like the elastic clause. Safeguards implemented will hopefully apply to new technologies emerging. When Anthropic finally builds the Terminator, though, all bets will be off.

We have a specialized AI for medical care that gets fed PHI. Our vendor says it's compliant and passed our vendor risk analysis. Is that good enough?

Here's how to ensure health data privacy stays private in a case like this. First, ensure you have executed a BAA with this third party. Then, send them a vendor risk questionnaire. This audit will tell you whether they have basic technical protections in place.

You also have to set up the computer this AI is used on properly. The device must be encrypted at the disk level. In Windows, use BitLocker. On a Mac, use FileVault. These handle what is called "data at rest" encryption. They do not encrypt what is called "data in transit." Be sure to confirm whose responsibility it is to encrypt data in transit and that it is enabled and working properly. For more detail, see our guide on HIPAA encryption requirements.

Long story short, implement what is mentioned above and always ensure that proverbial AI company can uphold what's in a BAA, not just sign one.

What do I do if I need to download software that was previously not approved for work in my organization?

Don't take it upon yourself to download anything before speaking with your Compliance Officer, but if they see no harm in acquiring this application, getting approval shouldn't set you back more than 10 minutes.


One Guy Consulting

One Guy Consulting helps organizations of all types interpret the HIPAA rules and apply them to their business model in a safe, modern, and efficient manner. Learn more about becoming HIPAA compliant by booking a demo with Chuck.

Thanks for stopping by and reading this article. Please let us know if we can assist you in HIPAA matters of any sort and it will be our pleasure to assist.
