Institutional Privacy Committee

Assess your Research or Data Collection for Protected Health Information
-- it’s not what you think it is!

Definition of Protected Health Information (PHI)

Protected Health Information is any of the below listed information that is generated by a health care provider, payor or health care clearinghouse that is related to past, present or future health care treatment, payment or provisions for treatment or payment that can be readily associated with a specific individual including;

  1. Names;
  2. All geographic information smaller that a state including a street address, city, county, precinct, and zip code;
  3. All elements of dates except year, for dates relating to an individual including birth date, admission date, date of death, and all ages over 89 and all element of dates include year indicative of such age;
  4. Telephone numbers;
  5. Fax numbers;
  6. Electronic mail addresses;
  7. Social Security numbers;
  8. Medical Record Numbers;
  9. Health Plan beneficiary Numbers;
  10. Account Numbers;
  11. Certificate or License Numbers;
  12. Vehicle identifiers and serial numbers, including license plate numbers;
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs);
  15. Internal Protocol (IP) address numbers;
  16. Biometric identifiers including finger and voice prints;
  17. Full face photographic images and comparable images;
  18. Any other unique identifying number, characteristic or code (excluding ICD-9
    Codes).

If you are using any protected health information that is derived from health providers such as physicians, advance practice nurses, dentists, Physician Assistants, Insurance Companies, Third Party Administrators, or quality assessment firms, then you are using Protected Health Information (PHI) and you must complete additional paperwork and receive new approvals to continue to use any of this information past April 14, 2003. Additional paperwork is required even if you received previous IRB approval, exemption or if your project did not fall under the definition of research (unless the activity itself is considered treatment, payment or health care operations, TPO).

 
IPC Forms
Screening Tools
Privacy Policies
General Information
Required Education

Contact Privacy Officers
General Privacy Officer
Privacy Officer for Research
Educational Materials

IPC Home
ORC Home

ORC Privacy
Statement