PHI Compliance Checker
Instructions
When checking for PHI, scan for these 18 HIPAA identifiers:
- Names
- Geographic data (addresses, zip codes)
- Dates (birth, admission, discharge, death)
- Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers
- Device identifiers and serial numbers
- Web URLs
- IP addresses
- Biometric identifiers
- Full-face photographs
- Any other unique identifying number or code
Review Process
- Scan all files for hardcoded PHI
- Check logs for potential PHI exposure
- Verify PHI is encrypted at rest and in transit
- Ensure proper access controls exist
- Flag any PHI in comments, test data, or configuration files
Report Format
List each finding with file location, PHI type, and remediation recommendation.
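As an added example (not part of this checker's own tooling), the following Python scanner covers the shape-detectable subset of the identifiers above (SSNs, phone/fax numbers, emails, IP addresses, URLs, medical record numbers and dates tied to birth/admission/discharge/death wording), runs it over constructed sample config, log, fixture and source files, tags each hit with where it sits (comment, config, log, test data or source) and prints findings in the format this section asks for: file location, PHI type and remediation recommendation. Names, biometric identifiers, photographs and the catch-all "other unique codes" have no fixed shape and are left to a separate context-aware review. The regex patterns, the date keyword list, the path-based context rules and the remediation wording are this example's own assumptions, and matched values are masked so the report itself does not reproduce PHI.

```python
"""Added example: regex pass for the shape-detectable HIPAA identifiers,
reporting findings as file location, PHI type and remediation.
Patterns, context keywords and remediation text are this example's own."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Names, biometrics, photos and "other unique codes" have no fixed shape and
# need a separate context-aware review, so they are not in this table.
PHI_PATTERNS = {
    "Social Security number": re.compile(
        r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "Phone/fax number": re.compile(
        r"(?:\+1[-. ]?)?\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "Email address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "IP address": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "Web URL": re.compile(r"\bhttps?://[^\s\"']+"),
    "Medical record number": re.compile(
        r"\bMRN[:#]?\s*(?P<value>\d{6,10})\b", re.I),
    # A bare timestamp is not PHI; only dates next to birth/admission/
    # discharge/death wording on the same line are flagged, which keeps
    # ordinary log timestamps out of the report.
    "Date (birth/admission/discharge/death)": re.compile(
        r"(?:DOB|birth|admission|admitted|discharge|death|died).{0,20}?"
        r"(?P<value>\d{4}-\d{2}-\d{2}|\d{1,2}/\d{1,2}/\d{4})", re.I),
}

REMEDIATION = {  # per-type advice (assumed wording)
    "Social Security number": "Remove; keep SSNs only in the encrypted record store behind field-level access control.",
    "Phone/fax number": "Replace with a synthetic value in config and tests; never log contact details.",
    "Email address": "Use a role mailbox or a synthetic address; strip addresses at the logging layer.",
    "IP address": "Treat client IPs as identifiers: truncate or hash before logging, and drop from config.",
    "Web URL": "Remove patient-specific paths; reference records by an opaque internal id instead.",
    "Medical record number": "Replace with a generated fixture id; real MRNs belong only in the encrypted record store.",
    "Date (birth/admission/discharge/death)": "Generalize to year or shift dates in fixtures; redact from logs.",
}
CONTEXT_ADVICE = {  # appended according to where the hit was found
    "comment": " Comments ship with the source: delete the comment.",
    "config": " Config files get copied and committed: move the value to a vault-backed reference.",
    "log": " Fix the log formatter so the value is never written, then purge existing logs.",
    "test data": " Regenerate fixtures from synthetic data so no real patient appears in the repo.",
    "source": " Remove the hardcoded value and scrub it from commit history.",
}

@dataclass(frozen=True)
class Finding:
    location: str    # path:line
    phi_type: str
    masked: str      # the report never echoes the full value
    context: str
    remediation: str

def classify(path: str, line: str) -> str:
    """Rough context from the line prefix and file path (assumed rules)."""
    if line.lstrip().startswith(("#", "//", "/*", "*", "--")):
        return "comment"
    p = path.lower()
    if "test" in p or "fixture" in p:
        return "test data"
    if p.endswith((".env", ".ini", ".cfg", ".conf", ".yaml", ".yml", ".json", ".toml")):
        return "config"
    return "log" if p.endswith(".log") else "source"

def mask(value: str) -> str:
    return "*" * (len(value) - 4) + value[-4:] if len(value) > 4 else "****"

def scan_text(path: str, text: str) -> list[Finding]:
    out: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        ctx = classify(path, line)
        for phi_type, pattern in PHI_PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.groupdict().get("value") or m.group(0)
                out.append(Finding(f"{path}:{lineno}", phi_type, mask(value), ctx,
                                   REMEDIATION[phi_type] + CONTEXT_ADVICE[ctx]))
    return out

def scan_files(files: dict[str, str]) -> list[Finding]:
    return [f for path, text in files.items() for f in scan_text(path, text)]

def format_report(findings: list[Finding]) -> str:
    if not findings:
        return "No PHI findings."
    lines = [f"{len(findings)} finding(s):"]
    for i, f in enumerate(findings, start=1):
        lines.append(f"{i}. {f.location}  [{f.phi_type}] in {f.context}, value {f.masked}")
        lines.append(f"   Remediation: {f.remediation}")
    return "\n".join(lines)

# Constructed sample files; every identifier below is fictitious.
SAMPLE_FILES = {
    "config/app.env": "# ops contact: jane.doe@clinic.example\nDB_HOST=10.0.0.42\nSUPPORT_FAX=(555) 123-4567\n",
    "logs/app.log": ("2024-03-01T10:15:00Z INFO request from 203.0.113.9\n"
                     "2024-03-01T10:15:02Z DEBUG lookup ssn=123-45-6789 result=found\n"),
    "tests/fixtures/patient.json": '{"mrn": "MRN 00123456", "dob": "DOB 1985-03-12", "note": "x"}\n',
    "src/billing.py": "# TODO remove after migration: patient https://portal.example/chart/98765\ntotal = 0\n",
}

if __name__ == "__main__":
    print(format_report(scan_files(SAMPLE_FILES)))
```

The date rule is deliberately conservative: a timestamp in a log line is flagged only when it sits near birth/admission/discharge/death wording, so routine timestamps do not swamp the report; widen the keyword list for your own codebase. Masking the matched value in the finding keeps the report itself out of scope as a new PHI copy.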