Protected Health Information (HIPAA)
Protected Health Information (PHI) is defined by the Health Insurance Portability and Accountability Act (HIPAA). PHI is individually identifiable health information that relates to the
- Past, present, or future physical or mental health or condition of an individual.
- Provision of health care to the individual by a covered entity (for example, hospital or doctor).
- Past, present, or future payment for the provision of health care to the individual.
Researchers should be aware that health and medical information about research subjects may also be regulated by HIPAA. Researchers can contact the Compliance Office with questions.
Examples:
The following individually identifiable data elements, when combined with health information about that person, make such information protected health information (PHI):
- Names
- Telephone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- License plate numbers
- URLs
- Full-face photographic images
- Any other unique identifying number, characteristic, code, or combination that allows identification of an individual
Laws/Regulations/Policies:
U.S. Dept of Health HIPAA websiteHealth and Human Services Information for Covered Entities
UNM Compliance
Frequently Used by:
- Faculty
- Staff
- Students
- Researchers
Category
Sensitive
Using Protected Health Information (HIPAA)
This list shows which services can and cannot be used to store and share Protected Health Information (HIPAA). Click any service for more details.
Key: Permission Levels
- Permitted
- Permitted with IA Consultation
- Not Permitted
Permitted
- Backup
- Database
- Virtual Machines
- Servers
- Endpoint
- Storage- CIFS
- Fileshare
Permitted with IA Consultation
- Software
- Licensed Applications
Not Permitted
- Cloud Storage
- Cayuse
- Google Drive
