Protected Health Information (PHI) is regulated by the Health Insurance Portability and Accountability Act (HIPAA). PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed while providing a health care service, such as a diagnosis or treatment. Researchers should be aware that health and medical information about research subjects may also be regulated by HIPAA.
Medicare and Medicaid Information:
Patient’s medical history:
| Permitted | IT Tools & Products |
|---|---|
 | Google Drive |
| Gmail |
| Outlook |
| Microsoft OneDrive for Business |
| Microsoft Teams |
| ISAAC Secure Enclave |
| Windows Virtual Machines (VMs) |
| Linux Virtual Data Center Workstations (Linux vDWS) |
| Virtual Data Center WorkStations (vDWS) |
| WebEx FedRAMP |
| Zoom |
| Globus - Secure Enclave |
 | Qualtrics *Allowed if written approval provided in IRB documents |
| REDCap *Allowed if written approval provided in IRB documents |
 | Amazon Web Services (AWS) |
| Google Cloud Platform (GCP) |
| Google Cloud Platform FedRAMP |
| Microsoft Azure |
| Microsoft Azure FedRAMP |
| ISAAC Legacy |
| ISAAC Next Generation cluster (ISAAC-NG) |
| Globus - Open Enclave |
Contact the Office of Research, Innovation, and Economic Development (ORIED) for additional information about data types.
Jennifer Engle, Director, Human Research Protection Program
email: jengle@utk.edu
phone: 865-974-7494
Explore
Write
Chat
Call