Resource Library

Protected Health Information

Protected Health Information (PHI) is any information regarding health status, healthcare terms or medical payments that can be linked to a specific individual.

Health Insurance Portability and Accountability Act (HIPAA) regulations do allow scientists and scholars to access and use protected health information when necessary to conduct research; however, they also stipulate that no information shall be disclosed that could be linked to a specific person.

Under HIPAA regulations, there are 18 identifiers linked to PHI that must be treated with special care. They are:

  • Names
  • All geographical identifiers smaller than a state
  • Dates (other than year) directly related to an individual
  • Phone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers (including license plate numbers)
  • Device identifiers and serial numbers
  • Web uniform resource locators (URLs)
  • Internet Protocol (IP) address numbers
  • Biometric identifiers, including finger, retinal and voice prints
  • Full-face photographic images and any comparable images
  • Any other unique identifying number, characteristic or code, except the unique code assigned by the investigator to code the data