HIPAA Compliance

Learn more about HIPAA compliance and how Nightfall helps with it.

For most standard scenarios, we recommend the following Detection Rule template for HIPAA use cases. This rule has been validated and backtested across our customer base. Please reach out to Support or your CSM if you would like this loaded automatically into your account.

Logical Operator: Flag as finding if ANY of these detectors are triggered

Detector
Minimum Confidence
Minimum Threshold
US social security number (SSN)
Likely
1
US driver license
Likely
1
US passport
Likely
1
Credit card number
Likely
1
US Healthcare NPI
Likely
5
Of course, customers may choose to customize detection to meet varying definitions or risk tolerance for PHI. The HIPAA Privacy Rule outlines 18 different types of data that are considered Protected Health Information, shown in the table below alongside relevant Nightfall Detectors. 

​
HIPAA PHI item
Nightfall Standard Detector
1
Name
Person Name
2
Geographic data (address, city, county, precinct, zip code)
Location
3
Dates related to an individual
Date of Birth
Date
4
Telephone number
Phone Number
5
Fax number
Phone Number
6
Device identifiers and serial numbers
MAC ID
IMEI Hardware ID
7
Email address
Email Address
8
Social Security number
US Social Security Number (SSN)
9
IP addresses
IP Address
10
Account numbers
Credit Card Number
11
Any other unique identifying number, characteristic, or code
Individual Taxpayer Identification Number (ITIN)
US Passport
US Driver License
12
Vehicle identifiers (VIN/license plate)
US Vehicle Identification Number (VIN)
13
Health plan beneficiary numbers
US Health Insurance Claim Number
14
Medical record numbers
US Healthcare NPI
15
Certificate/license numbers
(custom)
16
Web URLs
(custom)
17
Biometric identifiers (e.g. finger and voice print)
Not applicable
18
Full face photographs and any comparable images
Not applicable
Nightfall also offers detectors that identify information not explicitly specified in HIPAA, but which could be judged to constitute PHI (especially when appearing in combination with other identifiers, such as Name).

Potential PHI Type
Nightfall Detector(s)
Diagnostic codes
ICD9 Code
ICD9 Diagnosis Description
ICD10 Code
ICD10 Diagnosis Description
Prescription info
FDA Drug Name
Organizational IDs
US Employer ID Number

Compliance - Previous

SOC 2 Compliance

Next - Compliance

PCI Compliance

Last updated 2 weeks ago

Detector	Minimum Confidence	Minimum Threshold
US social security number (SSN)	Likely	1
US driver license	Likely	1
US passport	Likely	1
Credit card number	Likely	1
US Healthcare NPI	Likely	5

	HIPAA PHI item	Nightfall Standard Detector
1	Name	Person Name
2	Geographic data (address, city, county, precinct, zip code)	Location
3	Dates related to an individual	Date of Birth Date
4	Telephone number	Phone Number
5	Fax number	Phone Number
6	Device identifiers and serial numbers	MAC ID IMEI Hardware ID
7	Email address	Email Address
8	Social Security number	US Social Security Number (SSN)
9	IP addresses	IP Address
10	Account numbers	Credit Card Number
11	Any other unique identifying number, characteristic, or code	Individual Taxpayer Identification Number (ITIN) US Passport US Driver License
12	Vehicle identifiers (VIN/license plate)	US Vehicle Identification Number (VIN)
13	Health plan beneficiary numbers	US Health Insurance Claim Number
14	Medical record numbers	US Healthcare NPI
15	Certificate/license numbers	(custom)
16	Web URLs	(custom)
17	Biometric identifiers (e.g. finger and voice print)	Not applicable
18	Full face photographs and any comparable images	Not applicable

Potential PHI Type	Nightfall Detector(s)
Diagnostic codes	ICD9 Code ICD9 Diagnosis Description ICD10 Code ICD10 Diagnosis Description
Prescription info	FDA Drug Name
Organizational IDs	US Employer ID Number