Summary of article from The HIPAA Journal, by Steve Adler:
HIPAA mandates unique identifiers for employers, health plans, and healthcare providers to enhance transaction efficiency and reduce administrative costs, though no standards for individual identifiers were adopted due to cost and complexity. Employer identifiers use IRS-issued EINs, while health plan identifiers, initially introduced in 2012, were rescinded in 2019 due to implementation challenges. Healthcare providers use National Provider Identifiers (NPIs), established before HIPAA and extended in 2004. It’s crucial to distinguish these HIPAA unique identifiers from PHI identifiers, which must be removed for data de-identification. Entities uncertain about these distinctions should seek HIPAA compliance guidance to avoid violations.