HIPAA Compliance

Learn more about HIPAA compliance and how Nightfall helps with it.

For most standard scenarios, we recommend the following Detection Rule template for HIPAA use cases. This rule has been validated and backtested across our customer base. Please reach out to Support or your CSM if you would like this loaded automatically into your account.

Logical Operator: Flag as finding if ANY of these detectors are triggered

| Detector | Minimum Confidence | Minimum Threshold |
| --- | --- | --- |
| US social security number (SSN) | Likely | 1 |
| US driver license | Likely | 1 |
| US passport | Likely | 1 |
| Credit card number | Likely | 1 |
| US Healthcare NPI | Likely | 5 |
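The following sketch is an added illustration of how the rule above evaluates, not Nightfall's own code or API. It assumes that Minimum Threshold is the number of findings a detector must produce at or above its Minimum Confidence, and that confidence labels are ordered as in `CONFIDENCE_ORDER`; the function names and sample findings are constructed for the example.

```python
from collections import Counter

# Assumed ordering, lowest to highest; the page itself only names "Likely".
CONFIDENCE_ORDER = ["Very Unlikely", "Unlikely", "Possible", "Likely", "Very Likely"]
RANK = {label: i for i, label in enumerate(CONFIDENCE_ORDER)}

# The recommended rule: detector -> (minimum confidence, minimum threshold).
HIPAA_RULE = {
    "US social security number (SSN)": ("Likely", 1),
    "US driver license": ("Likely", 1),
    "US passport": ("Likely", 1),
    "Credit card number": ("Likely", 1),
    "US Healthcare NPI": ("Likely", 5),
}

def triggered_detectors(findings, rule=HIPAA_RULE):
    """Return the detectors whose count of qualifying findings meets the threshold.

    findings: iterable of (detector name, confidence label) pairs.
    """
    counts = Counter()
    for detector, confidence in findings:
        if detector not in rule:
            continue  # detector is not part of this rule
        if confidence not in RANK:
            raise ValueError(f"unknown confidence label: {confidence!r}")
        min_confidence, _ = rule[detector]
        if RANK[confidence] >= RANK[min_confidence]:
            counts[detector] += 1
    return sorted(d for d, (_, threshold) in rule.items() if counts[d] >= threshold)

def is_finding(findings, rule=HIPAA_RULE):
    """Logical operator ANY: flag when at least one detector is triggered."""
    return bool(triggered_detectors(findings, rule))

# Constructed sample: four confident NPI matches, one weak NPI match, one weak SSN match.
SAMPLE_FINDINGS = (
    [("US Healthcare NPI", "Likely")] * 4
    + [("US Healthcare NPI", "Possible"), ("US social security number (SSN)", "Possible")]
)

if __name__ == "__main__":
    print(is_finding(SAMPLE_FINDINGS))  # four qualifying NPIs are below the threshold of 5
    print(triggered_detectors(SAMPLE_FINDINGS + [("US Healthcare NPI", "Very Likely")]))
```

Under these assumptions, the higher NPI threshold keeps a document that mentions a few provider identifiers from being flagged, while a single confident SSN match is enough on its own.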

Of course, customers may choose to customize detection to meet varying definitions or risk tolerance for PHI. The HIPAA Privacy Rule outlines 18 different types of data that are considered Protected Health Information, shown in the table below alongside relevant Nightfall Detectors.

|  | HIPAA PHI item | Nightfall Standard Detector |
| --- | --- | --- |
| 1 | Name | Person Name |
| 2 | Geographic data (address, city, county, precinct, zip code) | Location |
| 3 | Dates related to an individual | Date of Birth, Date |
| 4 | Telephone number | Phone Number |
| 5 | Fax number | Phone Number |
| 6 | Device identifiers and serial numbers | MAC ID, IMEI Hardware ID |
| 7 | Email address | Email Address |
| 8 | Social Security number | US Social Security Number (SSN) |
| 9 | IP addresses | IP Address |
| 10 | Account numbers | Credit Card Number |
| 11 | Any other unique identifying number, characteristic, or code | Individual Taxpayer Identification Number (ITIN), US Passport, US Driver License |
| 12 | Vehicle identifiers (VIN/license plate) | US Vehicle Identification Number (VIN) |
| 13 | Health plan beneficiary numbers | US Health Insurance Claim Number |
| 14 | Medical record numbers | US Healthcare NPI |
| 15 | Certificate/license numbers | (custom) |
| 16 | Web URLs | (custom) |
| 17 | Biometric identifiers (e.g. finger and voice print) | Not applicable |
| 18 | Full face photographs and any comparable images | Not applicable |

Nightfall also offers detectors that identify information not explicitly specified in HIPAA, but which could be judged to constitute PHI (especially when appearing in combination with other identifiers, such as Name).

| Potential PHI Type | Nightfall Detector(s) |
| --- | --- |
| Diagnostic codes | ICD9 Code, ICD9 Diagnosis Description, ICD10 Code, ICD10 Diagnosis Description |
| Prescription info | FDA Drug Name |
| Organizational IDs | US Employer ID Number |