Is PII protected by HIPAA?



piiPersonal identifiable information is any information that can be used to identify, contact, or locate an individual, either alone or combined with other easily accessible sources to uniquely identify a person. Some PII is classified as sensitive and some information is not.

PII is considered sensitive when it is disclosed and can result in harm to the individual whose name or identity is linked to the information. In determining whether or not PII is sensitive (and therefore subject to HIPAA laws of privacy), the context in which the information is given must be taken into consideration. For example, a list of subscribers to a newsletter is not PII; a list of people receiving treatment for a medical condition is.

PII elements can create the need for protection as well. For example, an individual’s name would be considered sensitive PII when grouped with their mother’s maiden name and date of birth but these elements would not be considered sensitive if given independent to each other.

The following types of PII are considered sensitive and must always be protected when electronically submitted:

  • Place of birth
  • Date of birth
  • Mother’s maiden name
  • Biometric information (identification of humans by their characteristics or traits)
  • Medical information
  • Personal financial information
  • Credit card or purchase card account numbers
  • Passport numbers
  • Potentially sensitive employment information, such as disciplinary actions or personnel ratings
  • Criminal history
  • Any information that may stigmatize or adversely affect a person

Social security numbers, including abbreviations are always considered sensitive whether given independently or with other elements.

Even if PII is not considered sensitive in a particular scenario, it does not mean it can be publicly released. The choice to publicly release any information can only be made by the official authorized to make such decisions.  The electronic transmission of non-sensitive PII is equivalent to transmitting the same information via U.S. mail, a private delivery service, courier, fax or voice.  Although each of these deliveries has vulnerabilities, the transmitted information can only be compromised as a result of theft, fraud, or other illegal activity.

How Shred Nations Protects PII

One of the easiest ways to protect yourself against PII breaches is to securely destroy documents. Make sure to never toss out any documents containing any of the information listed above. It is best to shred these documents to ensure your safety.

If you need help making sure you are protected from breaches, call Shred Nations at (800) 747-3365 or fill out the form to the right for a FREE no obligations quote in minutes! We can help you securely destroy your documents, so that you can avoid the risks of PII breaches.