Explore
Write
Chat
Call
Research Computing Support
Protected Health Information (PHI)
Data Description
Protected Health Information (PHI) is regulated by the Health Insurance Portability and Accountability Act (HIPAA). PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed while providing a health care service, such as a diagnosis or treatment. Researchers should be aware that health and medical information about research subjects may also be regulated by HIPAA.
Examples of PHI (include but are not limited to):
- Patients Name
- Phone Number
- Email Address
- SSN
- Electronic Medical Record
Medicare and Medicaid Information:
- Individuals who have applied for or received benefits
- Claims data
- Names and addresses
- Diagnoses
- Medical services
- Other personally identifiable information
Patient’s medical history:
- Diagnoses
- Medications
- Treatment plans
- Immunization dates
- Allergies
- Radiology images
- Laboratory and test results
| Permitted | IT Tools & Products |
|---|---|
 | Google Drive |
| Gmail |
| Outlook |
| Microsoft OneDrive for Business |
| Microsoft Teams |
| ISAAC Secure Enclave |
| Windows Virtual Machines (VMs) |
| Linux Virtual Data Center Workstations (Linux vDWS) |
| Virtual Data Center WorkStations (vDWS) |
| WebEx FedRAMP |
| Zoom |
| Globus - Secure Enclave |
 | Qualtrics *Allowed if written approval provided in IRB documents |
| REDCap *Allowed if written approval provided in IRB documents |
 | Amazon Web Services (AWS) |
| Google Cloud Platform (GCP) |
| Google Cloud Platform FedRAMP |
| Microsoft Azure |
| Microsoft Azure FedRAMP |
| ISAAC Legacy |
| ISAAC Next Generation cluster (ISAAC-NG) |
| Globus - Open Enclave |
Additional Resources
Contact the Office of Research, Innovation, and Economic Development (ORIED) for additional information about data types.
Rob Withrow, Director, Human Research Protection Program
email: rwithrow@utk.edu
phone: 865-974-7494