“Data is the foundation, and personalization is the outcome.”
Only clean data can provide personalization through your ad campaigns. As a healthcare marketer, you need to be more conscious about your user data than ever before.
Why? Since you deal with sensitive health information, such as PHI and PII, it is crucial that you protect your users’ privacy.
Scrubbing PHI or hashing PII isn’t just a legal requirement; it’s how you stay compliant and competitive. It keeps patients’ information safe, but it also opens the door to responsible, privacy-first marketing.
This guide will walk you through the 18 PHI (Protected Health Information) identifiers, show you how they impact your campaigns, and give you practical steps to stay compliant with HIPAA.
The consequences can be serious, but the good news is, with the right knowledge, you can avoid them.
Before jumping to a conclusion, first know what makes it “protected information” under HIPAA.
What Is Protected Health Information (PHI)?
PHI is any data connected to an individual’s health that can identify them, more than just medical records. It includes anything linking a person to their care, diagnosis, or payment, such as dates, locations, or contact info.
If you are handling patient emails or phone numbers linked to health services, you’re working with PHI, whether you realize it or not. It’s crucial to distinguish PHI from PII, a difference that greatly impacts how you manage data and design campaigns.
PHI vs. PII: The Distinction that Matters
- PII (Personally Identifiable Information) is data that identifies a person, like an email or phone number. E.g.: a phone number, or an email address used for a newsletter.
- PHI (Protected Health Information) is data that relates a person’s identity (PII) to their health details. E.g.: an email or phone number associated with a diagnosis for thyroid treatment or any other health condition.
Note: Collecting PHI or PII is not in itself an offense under HIPAA. (You just shouldn’t send it to Meta without hashing or scrubbing it; that’s where you’ll cross the line.)
This distinction matters a lot in marketing. If you’re running ads and only using PII, you have more flexibility over ad campaigns.
To stay compliant (and avoid costly mistakes), you need to know exactly what the law considers PHI.
Let’s break down the full list of 18 PHI identifiers and, more importantly, how each one could quietly trip up your marketing campaigns.
Deep Dive: The Full List of 18 PHI Identifiers
Here’s the official list of 18 PHI identifiers under HIPAA. If any of these are present in your data, and they’re linked to health information, you’re handling PHI.
The image above lists all 18 PHI identifiers. The top 7 PHI identifiers that healthcare marketers encounter, however, are: names, geographic data, dates, phone numbers, email addresses, web URLs, IP addresses, and sometimes photos.
“One PHI identifier” is enough to get your ad accounts blocked forever.
Impact of PHI Identifiers on Ad Campaigns
Let’s break down the identifiers you’re most likely to encounter and what you should do about them.
1. Names – Name of a person or patient
Why it matters: A person’s name (PII) can be collected through a health-related form or any lead form. The same form will often also collect information about health-related symptoms or conditions (PHI). This gets tracked by the pixel or sent via server-side CAPI to ad platforms. The combination becomes sensitive data and results in Meta blocking your ad account.
What to do: You can collect the data. However, don’t send the form_submission event data to ad platforms, because it can reveal personal info. Instead, hide or remove names from forms before sharing data with ad platforms.
Pro tip: If you are a healthcare marketer, remove your pixel; it is the silent culprit.
2. Geographic Data – Smaller Than a State
Why it matters: Sending full ZIP codes or city-level locations alongside someone’s health information might seem harmless, but it can violate Meta’s advertising policies. When combined, these data points can start to identify individuals, which crosses a privacy line that Meta takes seriously.
What to do: Follow the Safe Harbor guidelines: share only the first 3 digits of a ZIP code, and only where the area covered by those 3 digits has a population over 20,000. This helps protect user privacy and keeps your tracking compliant.
Pro Tip: If you think the Safe Harbor method is time-consuming, then here’s the shortcut
3. All Elements of Dates (Except Year)
Why it matters: Sharing things like birth dates, admission dates, or appointment times might seem routine, but when paired with health-related data, they become sensitive identifiers. Meta sees this as a privacy risk, which can get your ad campaigns flagged or restricted.
What to do: To stay compliant, only collect the month and year; strip out specific dates like exact birth or appointment days from your tracking systems to avoid triggering privacy violations.
4. Phone Numbers
Why it matters: When someone enters their phone number in a health form, it’s not just contact info anymore; it’s linked to their health condition. Sharing this prohibited data with Meta is a privacy risk, which can trigger ad restrictions or policy violations.
What to do: Always hash phone numbers (PII) before sharing them with ad platforms like Meta. And avoid auto-filling them into remarketing tools, where they can easily be linked back to health data.
Pro Tip: Don’t send direct PII to Meta. Always hash it with SHA-256.
5. Email Addresses
Why it matters: An email alone is just PII. When direct PII and PHI data is shared with Meta via pixel, Conversions API, or even CRM integrations, it doesn’t just flag policy violations. It triggers Meta’s automated PHI detection systems, puts your account under scrutiny, and can lead to ad rejections, learning phase disruptions, or full account disablement.
What to do: Always hash emails before adding them to custom audiences, and never send email addresses directly through pixels to keep peopleโs info safe.
Pro tip: Use privacy-compliant event parameters like user_id or hashed emails for retargeting, not raw contact info. Meta doesn’t need to see who the person is to optimize.
6. Social Security Numbers (SSNs)
Why it matters: Even if you’re not directly collecting Social Security Numbers, sharing them alongside marketing data is a serious no-go. It’s a major privacy violation that can cause big trouble for your campaigns and your brand’s trust.
What to do: Never keep or track Social Security Numbers in your analytics, CRM, or ad tools. Ensure that you remove them to protect patients’ privacy.
7. Medical Record Numbers
Why it matters: Sharing patient IDs in URLs, CRM links, or API data might expose someone’s medical history. These IDs directly connect to personal health information, so it’s essential to keep them secure and out of public or marketing channels.
What to do: Before sending data to analytics or ads, remove medical record numbers and use neutral or coded IDs instead to keep things private and secure.
8. Health Plan Beneficiary Numbers
Why it matters: Even without direct details, this info can hint at someone’s health conditions or treatments just by the type of plan they have.
What to do: Make sure to remove it right when you capture leads to keep things safe.
9. Account Numbers
Why it matters: Patient portal accounts or health app IDs might seem like just usernames, but when tied to health info, they can reveal someone’s identity. That’s why it’s important to keep these IDs secure and avoid sharing them with marketing platforms.
What to do: Avoid putting account numbers in URLs, cookies, or UTM tags. Use anonymous session tracking to protect user privacy.
10. Certificate/License Numbers
Why it matters: Licenses like medical professional IDs or patient cards, such as cannabis cards, might seem like simple credentials, but they can reveal a lot about someone’s health. It’s important to handle them with care and keep them out of marketing data.
What to do: Try not to collect license or certificate IDs in your campaigns, especially when they’re linked to things like prescriptions. Keeping this info out helps protect people’s privacy and keeps your ads compliant.
11. Vehicle Identifiers and Serial Numbers
Why it matters: Sometimes license plate numbers from healthcare transport vehicles get captured by accident in photos or forms. Even though it might seem harmless, this info can be sensitive, so it’s best to avoid collecting or sharing it in any marketing materials.
What to do: Avoid tracking or saving this kind of info altogether. If it appears in images or forms, make sure to blur or hide it to keep people’s privacy safe.
12. Device Identifiers or Serial Numbers
Why it matters: Device IDs from things like wearables or health apps might seem harmless on their own, but when combined, they can reveal personal health information. That’s why this kind of data needs to be handled carefully to protect privacy and stay compliant.
What to do: Use anonymized device IDs to keep things private, and avoid mixing device data with health details in your tracking. This helps protect people’s information and keeps your marketing compliant.
13. Web URLs
Why it matters: URLs that include details like /conditions/hypertension/thank-you?name=John can accidentally reveal personal health info through the web address. It’s important to avoid putting sensitive info in URLs to keep data private and secure.
What to do: Always keep URLs free of personal info; never include health conditions or names in the parts sent to analytics or pixels. This helps protect privacy and keeps your data safe.
Pro Tip: Scrub the sensitive data, such as the condition name, from the URLs before sending them to Meta.
14. IP Addresses
Why it matters: If someone’s IP address is recorded when they visit a health-related page, it can be considered personal health information. So, it’s important to handle IP data carefully to protect privacy.
What to do: Use IP anonymization options in tools like GA4 to keep visitor data private. Avoid storing or sharing full IP addresses in your marketing systems to protect people’s privacy.
15. Biometric Identifiers (Fingerprints, Voiceprints, etc.)
Why it matters: Some health apps let users log in using their voice or fingerprint, which feels convenient but also means very sensitive data is involved. If that biometric info gets leaked, it’s a major HIPAA violation and a huge privacy risk. So it’s crucial to keep this data locked down tight.
What to do: Steer clear of marketing that mentions biometric data, and never use this info to personalize ads. Keeping biometric details out of your campaigns helps protect privacy and stay compliant.
16. Full-Face Photos and Similar Images
Why it matters: If a photo clearly shows someone’s identity in a health-related context, it counts as personal health information. That means you need to handle it carefully to respect their privacy and stay compliant.
What to do: Always get clear permission before using testimonials with photos, and blur or hide patient images to protect their privacy.
17. Any Other Unique Identifying Number, Characteristic, or Code
Why it matters: Internal patient IDs, cookie IDs, or CRM tags might just seem like codes, but when they can be linked back to someone’s health information, they become protected health info (PHI). It’s important to treat these identifiers carefully to keep personal data secure and compliant.
What to do: Always hash internal IDs and never connect them to health data across different platforms to keep info safe and private.
18. Device or Media Serial Numbers
Why it matters: Even something like a diagnostic machine’s serial number can point back to a patient if it’s linked to their records. While it might seem harmless, this kind of info can indirectly reveal who they are, so it needs to be protected.
What to do: Make sure device or media serial numbers never show up in analytics, ad platforms, or any public reports. Keeping these details private helps protect people’s information.
Once you’ve flagged and stripped risky data, the next step is making sure what does get sent is HIPAA-safe.
Steps to Build Campaigns to Be HIPAA Compliant
1. Run a PHI Identifier Checklist on Your Campaign Data
Before you send any data to Meta (via pixel or Conversions API), audit it against the 18 HIPAA identifiers. This means checking:
- Event names (e.g., Book Appointment)
- URL parameters (e.g., /treatment/diabetes)
- Form fields (especially location, full name, dates)
Personal tip: I’ve found that a simple spreadsheet checklist can catch most issues before they become problems.
2. Build a Workflow to Flag & Strip PHI
Set up a system that:
- Identifies risky event parameters (like ZIP + condition + visit date)
- Strips out sensitive data before sending to Meta or CRMs
- Ensures your marketing team, tech team, and agency are all on the same page
First-party data tools can help automate this workflow, which will be time-effective.
3. Pseudonymize, Don’t Personalize
Instead of directly sending emails, names, or device IDs, use:
- Hashed identifiers (SHA-256) for emails/phones
- Anonymous cohorts for retargeting (e.g., “visited wellness page”)
- Custom user IDs that are pseudonymized, not tied to actual PHI
This way, you can still:
- Track customer journeys
- Run re-engagement campaigns
- Optimize conversions using first-party data
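Steps 1 to 3 above, carried out in code: an added Python example (not from the original post or any vendor's tool) that audits a lead-form event before it leaves the site, hashes email and phone the way sections 4 and 5 recommend, truncates ZIPs per the Safe Harbor rule in section 2, keeps only month and year of dates (section 3), and scrubs a URL like the one in section 13. The field names, event layout and the restricted-ZIP set are constructed assumptions, not any ad platform's schema.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed field names for this example, not any ad platform's schema.
PHI_FIELDS = {"first_name", "last_name", "dob", "ssn", "mrn", "condition"}
URL_PHI_PARAMS = {"name", "condition", "mrn"}
# Constructed placeholder: fill from the current HHS Safe Harbor list of
# 3-digit ZIP prefixes whose combined population is 20,000 or fewer.
RESTRICTED_ZIP3 = {"000"}

def hash_pii(value, phone=False):
    """Normalize (trim + lower-case; phones: digits only) then SHA-256."""
    norm = re.sub(r"\D", "", value) if phone else value.strip().lower()
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()

def safe_harbor_zip(zip_code):
    """Keep the first 3 ZIP digits; collapse restricted prefixes to 000."""
    zip3 = re.sub(r"\D", "", zip_code)[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3

def scrub_url(url):
    """Redact the condition path segment and drop PHI query parameters."""
    p = urlsplit(url)
    path = re.sub(r"(/conditions/)[^/]+", r"\1redacted", p.path)
    query = [(k, v) for k, v in parse_qsl(p.query) if k not in URL_PHI_PARAMS]
    return urlunsplit((p.scheme, p.netloc, path, urlencode(query), ""))

def sanitize_event(event):
    """Return (clean_event, flagged): PHI dropped, PII hashed, flags kept for the audit."""
    flagged = []
    clean = {"event_name": event["event_name"], "user": {}, "custom": {}}
    user = event.get("user", {})
    for field, is_phone in (("email", False), ("phone", True)):
        if field in user:
            clean["user"][field + "_hash"] = hash_pii(user[field], is_phone)
    if "zip" in user:
        clean["user"]["zip3"] = safe_harbor_zip(user["zip"])
    for key, value in event.get("custom", {}).items():
        if key in PHI_FIELDS:
            flagged.append(key)  # never forwarded, only recorded for the checklist
        elif key.endswith("_date"):
            clean["custom"][key] = value[:7]  # ISO date -> "YYYY-MM", month and year only
        else:
            clean["custom"][key] = value
    if "source_url" in event:
        clean["source_url"] = scrub_url(event["source_url"])
    return clean, flagged
```

The `flagged` list is what feeds the spreadsheet checklist from step 1: anything it names reached your tracking layer and should be removed from the form or pixel configuration upstream.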
These are the steps that are going to save you a lifetime in healthcare marketing.
But, the truth is, you can fast-forward the whole process with just a toggle-on
Conclusion
Mastering the 18 PHI identifiers isn’t just about avoiding fines; it’s about building trust and running smarter, safer campaigns.
From our experience working with several clients, the marketers who treat compliance as a competitive advantage are the ones who win in the long run.
Privacy-first strategies aren’t just the future; they’re the present. Start now, and you’ll be ready for whatever comes next.