The HIPAA Privacy Rule, defines PHI as “any individually identifiable health information.” This includes ANY of the following 18 identifiers relating to an individual, or his or her relatives, household members, or employer:
- Names (including initials)
- All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code and equivalent geocodes
- All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death
- Telephone numbers
- Fax numbers
- E-mail addresses
- Social security numbers (although using the last 4 digits is acceptable)
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers, including license plate and serial numbers
- Device identifiers and serial numbers
- Web universal resource locators (URL’s)
- Internal protocol (IP) address numbers
- Biometric identifiers, including finger and voice prints
- Full-face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code
Please note that the Privacy Rule does not apply to protected heath information. If your research can be done, or can be modified to be done without ANY of the above information, it can be considered as using de-identified data.
Click here to access the "Studies Exempt from HIPAA statement" to submit to CPHS for either 1) new studies that will use only de-identified data or 2) current protocols that will be changing to a de-identified format.
|
