Protected Health Information (PHI) is defined by the Health Insurance Portability and Accountability Act (HIPAA). PHI is individually identifiable health information that relates to the

  • Past, present, or future physical or mental health or condition of an individual.
  • Provision of health care to the individual by a covered entity (for example, hospital or doctor).
  • Past, present, or future payment for the provision of health care to the individual.
Researchers should be aware that health and medical information about research subjects may also be regulated by HIPAA. Researchers can contact the UMHS Compliance Office with questions.

The following individually identifiable data elements, when combined with health information about that person, make such information protected health information (PHI):


    • Names
    • Telephone numbers
    • Fax numbers
    • Email addresses
    • Social Security Numbers
    • Medical record numbers
    • Health plan beneficiary numbers
    • License plate numbers
    • URLs
    • Full-face photographic images
    • Any other unique identifying number, characteristic, code, or combination that allows identification of an individual


    Additional Resources:


    Frequently Used By
    • Staff
    • Faculty
    • Researchers
    • Sensitive
    Restrictions Key
    • Permitted
    • Not Permitted
    • Permitted with Encryption