Skip to content Skip to navigation
The University of New Mexico

Sensitive Identifiable Human Subject Research


Sensitive identifiable human subject research data is regulated by the Federal Policy for the Protection of Human Subjects (also called the “Common Rule”). Among other requirements, the Common Rule mandates that researchers protect the privacy of subjects and maintain confidentiality of human subject data.

A human subject is defined by federal regulations as a "living individual about whom an investigator (whether professional or student) conducting research obtains (1) data through intervention or interaction with the individual, or (2) identifiable private information.”

“Identifiable” means the information contains one or more data elements that can be combined with other reasonably available information to identify an individual (for example, Social Security number, health care record).

Personally identifiable data is sensitive if disclosure of such data would pose increased social/reputational, legal, employability, or insurability risk to subjects.

Examples:

The following individually identifiable data elements, when combined with health information about that person, make such information protected health information (PHI):

  • Names
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • License plate numbers
  • URLs
  • Full-face photographic images
  • Any other unique identifying number, characteristic, code, or combination that allows identification of an individual

Laws/Regulations/Policies: 

U.S. Dept of Health HIPAA websiteHealth and Human Services Information for Covered Entities
Compliance
UNM Compliance Resources Center - HIPAA

Frequently Used by:

  • Faculty
  • Staff
  • Students
  • Researchers

Category

Sensitive

Using Sensitive Identifiable Human Subject Research

This list shows which services can and cannot be used to store and share Sensitive Identifiable Human Subject Research. Click any service for more details.

Key: Permission Levels

  • Permitted
  • Permitted with IA Consultation
  • Not Permitted

Permitted

  • Backup
  • Database
  • Virtual Machines
  • Servers
  • Endpoint
  • Storage- CIFS
  • Fileshare

Permitted with ISPO Consultation

  • Software
  • Licensed Applications

Not Permitted

  • Cloud Storage
  • Email
  • Cayuse
  • Google Drive