Nightfall
HomeLoginDeveloper PlatformContact Us
Search…
Introduction
Why Cloud DLP?
Product Updates
Operationalizing DLP
Informing & Coaching Business Users
Running Historical Scans
Alert Management Guiding Principles
Integrating with Security Tools
Detection Engine
Getting Started
How Detection Works
Detectors
Detection Engine FAQs
Evaluating Detection
Nightfall for Slack
Nightfall for Slack: Demo Video
Getting Started
Alert Management
Remediation Guide
Nightfall for Slack Overview
FAQs
Nightfall for GitHub
Real-Time Scanning
Historical Scanning
Nightfall for GitHub Overview
Radar API Reference
Exporting Reports & Results
Integrating Webhook Endpoints
Integrating with Jira
Remediation Guide
Managed Services
FAQs
NIGHTFALL FOR GOOGLE DRIVE
Getting Started
Alert Management
Nightfall for Google Drive Overview
Remediation Guide
Historical Scanning
Demo Walkthrough Video
Nightfall for Confluence
FAQs
Getting Started
Real Time Scanning
Historical Scanning
Alert Management
Remediation Guide
Nightfall for Jira
Nightfall for Jira Overview
Jira Remediation Guide
Getting Started
Nightfall For Salesforce
Getting Started
FAQs
Account Management
User Administration
Authentication Options
Compliance
SOC 2 Compliance
HIPAA Compliance
PCI Compliance
Resources
FAQs
Login to Nightfall
Developer Platform
Platform Status
Contact Us
Powered By GitBook
HIPAA Compliance
Learn more about HIPAA compliance and how Nightfall helps with it.
For most standard scenarios, we recommend the following Detection Rule template for HIPAA use cases.
This rule has been validated and backtested across our customer base. Please reach out to Support or your CSM if you would like this loaded automatically into your account.
Of course, customers may choose to customize detection to meet varying definitions or risk tolerance for PHI. The HIPAA Privacy Rule outlines 18 different types of data that are considered Protected Health Information, shown in the table below alongside relevant Nightfall Detectors.
HIPAA PHI item
Nightfall Standard Detector
1
Name
Person Name
2
Geographic data (address, city, county, precinct, zip code)
Location
3
Dates related to an individual
Date of Birth
Date
4
Telephone number
Phone Number
5
Fax number
Phone Number
6
Device identifiers and serial numbers
MAC ID
IMEI Hardware ID
7
Email address
Email Address
8
Social Security number
US Social Security Number (SSN)
9
IP addresses
IP Address
10
Account numbers
Credit Card Number
11
Any other unique identifying number, characteristic, or code
Individual Taxpayer Identification Number (ITIN)
US Passport
US Driver License
12
Vehicle identifiers (VIN/license plate)
US Vehicle Identification Number (VIN)
13
Health plan beneficiary numbers
US Health Insurance Claim Number
14
Medical record numbers
US Healthcare NPI
15
Certificate/license numbers
(custom)
16
Web URLs
(custom)
17
Biometric identifiers (e.g. finger and voice print)
Not applicable
18
Full face photographs and any comparable images
Not applicable
Nightfall also offers detectors that identify information not explicitly specified in HIPAA, but which could be judged to constitute PHI (especially when appearing in combination with other identifiers, such as Name).
Potential PHI Type
Nightfall Detector(s)
Diagnostic codes
ICD9 Code
ICD9 Diagnosis Description
ICD10 Code
ICD10 Diagnosis Description
Prescription info
FDA Drug Name
Organizational IDs
US Employer ID Number
Compliance - Previous
SOC 2 Compliance
Next - Compliance
PCI Compliance
Last modified 11mo ago
Copy link