Q&A: Birthdays and protected health information

Q: Does sending a generic “happy birthday” postcard to patients during their birthday month violate HIPAA rules? 

A: No, this is not a HIPAA violation, since you are not disclosing the patient’s actual birth date.

The patient’s full birth date is considered protected health information (PHI). The HIPAA Privacy Rule defines PHI as all individually identifiable health information, which is a subset of health information including demographic information that identifies the individual or could be used to identify the individual (45 CFR §160.103).

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, is a healthcare consultant specializing in healthcare regulatory compliance and operations improvement. She is also an advisory board member for BOH. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Associate Editor Heidi Samuelson at hsamuelson@hcpro.com.