
Protected Health Information (PHI) Examples and the HIPAA Safe Harbor Method

  • Written By: Knack Marketing

Protected health information (PHI) refers to any data that can identify an individual and relates to their physical or mental health, healthcare services, or payment for care. Common protected health information examples include patient names linked to diagnoses, medical record numbers associated with lab results, insurance member IDs used for billing, and dates of service tied to an identifiable individual.

In modern healthcare, understanding what qualifies as PHI is critical, as improper handling of this data can result in regulatory penalties, operational risk, and loss of patient trust. At the same time, healthcare organizations rely on data to support analytics, research, and operational decision-making, creating tension between data utility and privacy protection.

To address this challenge, HIPAA establishes clear standards for de-identifying protected health information. The HIPAA Safe Harbor method has emerged as the most widely used, rule-based framework for removing specific identifiers so that data is no longer considered PHI while remaining useful for secondary purposes.

TL;DR: HIPAA Safe Harbor and PHI De-Identification

The HIPAA Safe Harbor method allows healthcare organizations to use and share data without it being considered protected health information (PHI), as long as 18 specific identifiers are removed and there is no actual knowledge that the data could identify a patient.

What it does: De-identifies PHI by removing names, dates, locations, IDs, and other direct or indirect identifiers

Why it matters: Properly de-identified data is no longer subject to HIPAA Privacy Rule restrictions

When to use it: Ideal for research, analytics, reporting, and secondary data use where patient identity is not required

Key tradeoff: Simplicity and legal clarity come at the cost of reduced data granularity

Safe Harbor is the most widely used, rule-based approach to HIPAA de-identification, making it easier to implement, audit, and scale than expert determination methods.

What Is Protected Health Information (PHI)?

Protected health information refers to any information in a medical record that can be used to identify an individual and is linked to their physical or mental health, care, or payment for care. It includes data created, used, or disclosed in the course of providing a healthcare service.

Examples of Protected Health Information

Protected health information includes many types of data commonly used across healthcare operations when that data can be linked to an identifiable individual. The following are practical, real-world examples of PHI under HIPAA:

Direct identifiers combined with health data

  • A patient’s full name listed alongside a diagnosis or treatment plan
  • A medical record number associated with laboratory test results
  • An insurance member ID used to process healthcare claims
  • Physician notes documenting a patient’s physical or mental health condition
  • Prescription histories tied to a specific individual
  • Imaging results, such as X-rays or MRIs, linked to a patient profile

Administrative and financial information

  • Billing statements showing services rendered to an identifiable patient
  • Payment records connected to a specific healthcare encounter
  • Appointment schedules that include patient names and dates of service

Indirect identifiers that can still reveal identity

  • Dates of admission and discharge combined with geographic information
  • ZIP codes or IP addresses associated with patient portal activity
  • Device identifiers used in remote patient monitoring systems

Each of these examples constitutes protected health information unless the data has been properly de-identified in accordance with HIPAA standards.

What Is Data De-Identification Under HIPAA?

De-identification plays a crucial role in ensuring compliance with HIPAA’s Privacy Rule. It encompasses the process of removing, masking, or transforming personal identifiers so that the remaining dataset cannot be used to identify an individual. 

Once data has been properly de-identified, it is no longer classified as PHI under HIPAA and is therefore no longer subject to the Privacy Rule’s restrictions on use and disclosure. The primary goal of de-identification is to unlock the value of healthcare data while protecting patient privacy. This enables organizations to analyze and share information without regulatory constraints. 

While de-identified data can support a wide range of lawful uses across industries, including financial modeling, consumer insights, and audience segmentation, it must always be used responsibly, with safeguards to prevent re-identification. It is particularly useful in contexts like marketing or business intelligence that benefit from large-scale, privacy-preserving datasets.


What Is the HIPAA Safe Harbor Method?

When it comes to de-identification, the Safe Harbor method serves as the most straightforward and operationally accessible path, offering a clear, itemized checklist of 18 identifiers that must be removed or generalized to classify data as de-identified. 

Safe Harbor vs. Expert Determination

Unlike the Expert Determination method—which requires a qualified statistical professional to assess re-identification risk using formal analysis—Safe Harbor is entirely prescriptive, eliminating the need for specialized expertise and enabling internal teams to apply the standard consistently at scale. This rule-based structure makes it more widely preferred because it’s easier to audit, faster to implement, and less prone to subjective interpretation—all while providing strong privacy protection when executed correctly. 

However, Safe Harbor only applies if the covered entity has no actual knowledge that the remaining data—after identifier removal—could still be used to identify a patient, underscoring that de-identification is not just about following the checklist, but also about ensuring there is no known, realistic path to re-identification.

The 18 HIPAA Identifiers Removed Under Safe Harbor

When using the Safe Harbor approach, all 18 HIPAA identifiers must be removed, as even a single remaining identifier can undermine the de-identification of the entire dataset. Before analyzing or sharing patient data, organizations must validate the complete exclusion of the following fields:

  1. Names
  2. All geographic subdivisions smaller than a state (including street address, city, county, precinct, and ZIP code rules)
  3. All elements of dates (except year) for dates directly related to an individual (including birth date, admission date, discharge date, date of death, and all ages over 89)
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) addresses
  16. Biometric identifiers, including finger and voice prints
  17. Full-face photographs and any comparable images
  18. Any other unique identifying number, characteristic, or code
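
The checklist above applied to a flat record, as an added example that is not Knack's code: listed fields are dropped, dates are reduced to the year, ages over 89 are collapsed into one category, ZIP codes are truncated, and a final pass flags identifier patterns left in free text. Field names, the sample record and the `low_population_zip3` set are assumptions; the 3-digit ZIP handling and the dropped birth year for ages over 89 follow the Safe Harbor rule text, which the list above abbreviates.

```python
import re
from datetime import date

# Field names are assumptions for a constructed flat record, not a real schema.
DROP_FIELDS = {"name", "street", "city", "county", "phone", "fax", "email",
               "ssn", "mrn", "member_id", "account_no", "license_no",
               "vehicle_plate", "device_serial", "url", "ip_address", "photo_ref"}
DATE_FIELDS = {"birth_date", "admission_date", "discharge_date", "death_date"}
# Identifier shapes that tend to survive inside free-text fields.
RESIDUAL_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://\S+", re.I),
    "full_date": re.compile(r"\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2}/\d{1,2}/\d{2,4}\b"),
}

def deidentify(record, low_population_zip3=frozenset()):
    """Copy a record, dropping checklist fields and generalizing date, age, ZIP."""
    over_89 = isinstance(record.get("age"), int) and record["age"] > 89
    out = {}
    for key, value in record.items():
        if key in DATE_FIELDS:
            # Keep the year only; a birth year revealing an age over 89 is dropped.
            if not (over_89 and key == "birth_date"):
                out[key.replace("_date", "_year")] = value.year
        elif key == "age":
            out[key] = "90+" if over_89 else value
        elif key == "zip":
            # Keep 3 digits, or "000" where the 3-digit area is sparsely populated.
            zip3 = str(value)[:3]
            out["zip3"] = "000" if zip3 in low_population_zip3 else zip3
        elif key not in DROP_FIELDS:  # checklist fields are simply omitted
            out[key] = value
    return out

def residual_identifiers(record):
    """Return sorted (field, kind) pairs for identifier patterns left in strings."""
    return sorted({(key, kind) for key, value in record.items()
                   if isinstance(value, str)
                   for kind, rx in RESIDUAL_PATTERNS.items() if rx.search(value)})

SAMPLE = {  # constructed record, no real patient data
    "name": "Jane Example", "ssn": "000-00-0000", "ip_address": "192.0.2.10",
    "zip": "03601", "age": 93, "birth_date": date(1931, 5, 2),
    "admission_date": date(2023, 3, 14), "diagnosis": "J18.9",
    "note": "Seen 3/14/2023; call daughter at 555-010-1234."}
```

On the sample, the structured fields come out clean but the free-text note is still flagged for a full date and a phone number, so the record is not yet de-identified. Pattern matching does not catch names or other free-form identifiers in notes, which need separate review.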

Benefits and Limitations of the Safe Harbor Method

Many healthcare organizations prefer the Safe Harbor method for its clear, rule-based simplicity and ease of internal implementation, but it also comes with potential drawbacks that can impact data usability or require extra governance. Review the pros and cons listed below to help determine if this approach is the right fit for your team and objectives.

Benefits of Safe Harbor De-Identification

  • Unlock Secondary Use — Enables healthcare organizations to use fully de-identified data for research, public health studies, and comparative effectiveness assessments without needing patient authorization or consent.
  • Reduced Liability — Significantly minimizes regulatory, financial, and breach-notification risk because properly de-identified data is no longer considered PHI.
  • Fostering Innovation — Accelerates innovation by allowing privacy-preserving datasets to be safely shared across internal teams like marketing or product development, or with external partners.

Limitations and Tradeoffs of Safe Harbor

  • Loss of Data Granularity — Requires removal or broad generalization of identifiers like dates and locations, which can reduce the analytical precision of certain datasets.
  • Operational Overhead for Validation — Demands strict internal processes to confirm all 18 identifiers are fully removed and that the organization has no actual knowledge of re-identification pathways.

Managing De-Identified PHI Securely with Knack

If HIPAA’s Safe Harbor method sounds like the right choice for your organization, adopting a compliant no-code data platform can dramatically simplify the process of managing secure, de-identified datasets. While understanding Safe Harbor is essential, it’s equally critical that the tools used to store and process the data meet regulatory standards and maintain robust safeguards throughout the data lifecycle.

That’s where Knack steps in, acting as a powerful HIPAA-compliant solution that offers unrivaled ease of use and a rich set of features that includes:

  • Production-Ready Security — Provides a HIPAA-compliant environment with SOC 2 Type II certification, ensuring that sensitive healthcare data is stored and processed securely.
  • Controlled Access — Users can build custom dashboards that display only de-identified data to selected team members while keeping the original PHI restricted and protected.
  • AI-Powered Development — An AI assistant helps structure complex databases quickly, maintaining accurate data relationships even after identifiers are removed for de-identification.

Start building your production-ready, HIPAA-compliant app with Knack today and securely unlock the full potential of your healthcare data.