Protected Health Information (PHI) is regulated by the Health Insurance Portability and Accountability Act (HIPAA). PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed while providing a health care service, such as a diagnosis or treatment. Researchers should be aware that health and medical information about research subjects may also be regulated by HIPAA.

Examples of PHI:  

• Patient Information: name, phone number, email address, SSN, electronic medical record
• Medicare and Medicaid Information: Individuals who have applied for or received benefits, claims data, names and addresses, diagnoses, medical services, other personally identifiable information
• Patient’s medical history: diagnoses. medications, treatment plans, immunization dates, allergies, radiology images, lab and test results

How can you ensure your PHI data stays secure? OIT provides a list of tools that are permitted and supported for use with PHI information along with tools that should be avoided.  

Learn more about Protected Health Information (PHI) on the Guide to Sensitive Information Research website.