You may have heard of class action settlements involving a range of topics from consumer
products to data breaches. On this very website, you may have seen links to various class action settlement
sites that ask for some personal information (name, date of purchase, purchased amount, receipts) in order
to file a claim.
You have probably encountered online forms that claim to gather your personal information for your
benefit, only to find out later that the data was collected for the site's own benefit, such as data mining
or marketing analytics. Your cynicism or skepticism is valid. So how do you know what these lawyers
and law firms are doing with your personal information?
Understanding Personally Identifiable Information (PII)
Personally Identifiable Information, commonly known as PII, refers to any data that can be used to identify
a specific individual, either directly or indirectly. This concept encompasses a wide range of information,
from obvious identifiers like names and Social Security numbers to more subtle data points that, when
combined, can pinpoint a person's identity.
The Significance of PII
In our increasingly digital world, PII has become a critical concern for both individuals and organizations.
The importance of PII stems from several factors:
• Privacy Protection: As personal data becomes more valuable, safeguarding individual privacy
has become paramount.
• Legal Compliance: Many laws and regulations now require organizations to protect PII, with
severe penalties for non-compliance.
• Financial Implications: Data breaches involving PII can result in significant financial losses
for both companies and affected individuals.
• Reputation Management: Organizations that fail to protect PII may suffer severe reputational damage.
Types of Personally Identifiable Information (PII)
PII can be categorized into various groups:
• Basic Identifiers: Name, date of birth, gender
• Contact Details: Address, phone number, email
• Professional Information: Employer, job title, work history
• Government-Issued IDs: Passport number, driver's license, Social Security number
• Health-Related Data: Medical records, biometric information
• Digital Footprints: IP addresses, online usernames, browsing history
What are Examples of PHI?
PHI Identifiers Under HIPAA
Protected Health Information (PHI) refers to any health-related data that can identify an individual. HIPAA
outlines 18 identifiers that qualify information as PHI:
• Names: Names become PHI only when linked to health data. For example, "John Smith" alone is
not PHI, but "John Smith was treated for diabetes" is PHI.
• Geographic Information: Geographic subdivisions smaller than a state, such as street addresses,
cities, counties, and ZIP codes.
• Dates: Birthdates, admission dates, discharge dates, death dates, and ages over 89.
• Phone Numbers: Any personal or work telephone number connected to medical info.
• Fax Numbers: Identifiable fax lines used for transmitting health records.
• Email Addresses: Patient or client emails tied to healthcare data.
• Social Security Numbers: SSNs linked to health or insurance records.
• Medical Record Numbers: Unique identifiers for patient records.
• Health Plan Beneficiary Numbers: Insurance or policy identifiers.
• Account Numbers: Billing or financial accounts related to healthcare.
• Certificate or License Numbers: Professional or personal licenses connected to health
information.
• Vehicle Identifiers: License plates or VIN numbers associated with an individual’s care.
• Device Identifiers: Serial numbers of medical devices like pacemakers or implants.
• Web URLs: Any website address that reveals patient identity.
• IP Addresses: Device IPs tied to an individual’s health data.
• Biometric Identifiers: Fingerprints, voiceprints, or retinal scans linked to medical records.
• Full-Face Photos: Photographs and comparable identifiable images.
• Other Unique Identifiers: Any code or characteristic that could identify a person when
combined with health data.
How Names Become PHI
A name alone is not always PHI. It becomes PHI when linked with health information:
• Not PHI: "John Smith, 555-1234" in a phone book (no medical context).
• PHI: "John Smith was admitted to Bellevue Hospital with pneumonia."
• PHI: "Jane Doe received chemotherapy on May 3, 2025."
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law enacted in 1996 to protect
sensitive patient health information from being disclosed without a patient’s consent or knowledge. HIPAA
sets national standards for the security and privacy of PHI:
• Privacy Rule: Establishes how PHI can be used and shared.
• Security Rule: Requires safeguards to protect electronic PHI (ePHI).
• Enforcement Rule: Provides standards for compliance investigations and penalties.
• Breach Notification Rule: Requires organizations to notify individuals and regulators if PHI
is compromised.
Covered entities (like healthcare providers, insurers, and clearinghouses) and their business associates
(vendors or contractors handling PHI) must comply with HIPAA to ensure patient privacy and data security.
Examples of PHI Class Actions
Class action lawsuits often arise when PHI is exposed due to a data breach, unauthorized disclosure, or
improper handling of sensitive medical records. Recent cases include:
• Anthem Data Breach: A massive breach compromised the PHI of nearly 80 million people, leading
to one of the largest healthcare settlements in U.S. history.
• Community Health Systems Breach: Hackers accessed the PHI of 4.5 million patients, including
names, addresses, and Social Security numbers.
• Montefiore Medical Center: A data breach exposed patient medical records and billing
information, resulting in legal action for alleged HIPAA violations.
• Excellus BlueCross BlueShield: PHI of more than 10 million members was exposed, sparking
lawsuits over inadequate data security measures.
• Banner Health: Attackers stole the PHI of 3.7 million patients, including medical records and
insurance details, leading to significant legal claims.
Protecting PII
To safeguard PII, organizations should:
• Implement robust data security measures
• Provide regular employee training on data handling
• Conduct frequent security audits
• Develop and enforce strict data protection policies
• Stay informed about evolving privacy laws and regulations
Why do I need to provide personal information when filling out a claim form?
The personal information you submit in your claim form is used by the lawyers representing class
members in a class action settlement to:
• Determine your eligibility and the validity of your claim,
• Compare, if necessary, against an existing database of information,
• Assess the proportionate claim amount you are entitled to.
Any information reviewed and stored by the class action administrators is maintained and accessed as per the
stated privacy policies of the website. For instance, many class action law firms and their partners adhere
to a well-established privacy policy standard known as the GDPR. Make sure to check the privacy policy
section of any website you visit to ensure that you are
aware of and comfortable with the way that your data is retained and used before you submit your information
in any forms.
What is the Genetic Information Protection Act?
Your biometric or genetic information can also be considered PII, according to certain interpretations of
the Illinois GIPA laws. GIPA, or the Genetic Information Protection Act, is an Illinois law that seeks to
protect the genetic information of Illinoisans. The law protects individuals' privacy and guards against
discrimination based on their "genetic" information, as defined by HIPAA.
Generally, the law does not allow employers to make decisions based on certain HIPAA-defined "genetic"
factors such as RNA, DNA, proteins, chromosomes, metabolites, mutations, or chromosomal changes. It also
prohibits the release of some of this private information to anyone other than the person being genetically
tested. This is similar to how personally identifiable information is protected.
Providing Accurate Information to Class Action Administrators
It should go without saying, but make sure that you fill out claim forms with information that is
up-to-date and as correct as possible to your best knowledge. The information you provide should be current,
and include valid email addresses and phone numbers with your claim submission. It is your responsibility to
supply accurate contact information to the class action claims administrator for you to receive a payment.
Some class administrators may confirm your email or cell phone number, or notify you of upcoming settlement
payments.
Additionally, accurate contact information will ensure that any follow-up from class action claims
administrators reaches you. This may also be a good way for you to contact claims administrators in the
event that any of your pertinent information, such as your home address, changes.
How Concerned Should I Be About My Data?
As a rule of thumb, you can always err on the side of caution by doing your due diligence: read the
privacy policy pages of any website where you are submitting your personal data, and record where and
when you have submitted any data that is deemed personally identifiable information or personally
sensitive information.
How Do I Find Class Action Settlements?
Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims.
Replying to Reviews Can Increase Revenue by 35%
Engaging with customers and responding to their reviews is more than just good practice. Replying to reviews
can increase revenue by 35%. By taking the time to acknowledge
feedback and address concerns, businesses build trust, foster loyalty, and improve overall customer
satisfaction. This proactive approach has been shown to increase revenue by 35%, making it a simple yet
highly effective strategy for growth. Incorporating this practice alongside other business safeguards, such
as protecting PII and handling class action claims responsibly, ensures both financial and reputational
benefits over time.