Research Computing Support
Protected Health Information (PHI)
Data Description
Protected Health Information (PHI) is regulated by the Health Insurance Portability and Accountability Act (HIPAA). PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed while providing a health care service, such as a diagnosis or treatment. Researchers should be aware that health and medical information about research subjects may also be regulated by HIPAA.
Examples of PHI (include but are not limited to):
- Patients Name
- Phone Number
- Email Address
- SSN
- Electronic Medical Record
Medicare and Medicaid Information:
- Individuals who have applied for or received benefits
- Claims data
- Names and addresses
- Diagnoses
- Medical services
- Other personally identifiable information
Patient’s medical history:
- Diagnoses
- Medications
- Treatment plans
- Immunization dates
- Allergies
- Radiology images
- Laboratory and test results
Permitted | IT Tools & Products |
---|---|
Google Drive | |
Gmail | |
Outlook | |
Microsoft OneDrive for Business | |
Microsoft Teams | |
ISAAC Secure Enclave | |
Windows Virtual Machines (VMs) | |
Linux Virtual Data Center Workstations (Linux vDWS) | |
Virtual Data Center WorkStations (vDWS) | |
WebEx FedRAMP | |
Zoom | |
Globus - Secure Enclave | |
Qualtrics *Allowed if written approval provided in IRB documents | |
REDCap *Allowed if written approval provided in IRB documents | |
Amazon Web Services (AWS) | |
Google Cloud Platform (GCP) | |
Google Cloud Platform FedRAMP | |
Microsoft Azure | |
Microsoft Azure FedRAMP | |
ISAAC Legacy | |
ISAAC Next Generation cluster (ISAAC-NG) | |
Globus - Open Enclave |
Additional Resources
Contact the Office of Research, Innovation, and Economic Development (ORIED) for additional information about data types.
Rob Withrow, Director, Human Research Protection Program
email: rwithrow@utk.edu
phone: 865-974-7494