Protected Health Information (PHI) is any information regarding health status, healthcare terms or medical payments that can be linked to a specific individual.

Health Insurance Portability and Accountability Act (HIPAA) regulations do allow scientists and scholars to access and use protected health information when necessary to conduct research; however, they also stipulate that no information shall be disclosed that could be linked to a specific person.

Under HIPAA regulations, there are 18 identifiers linked to PHI that must be treated with special care. They are:

• Names
• All geographical identifiers smaller than a state
• Dates (other than year) directly related to an individual
• Phone numbers
• Fax numbers
• Email addresses
• Social Security numbers
• Medical record numbers
• Health insurance beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers (including license plate numbers)
• Device identifiers and serial numbers
• Web uniform resource locators (URLs)
• Internet Protocol (IP) address numbers
• Biometric identifiers, including finger, retinal and voice prints
• Full-face photographic images and any comparable images
• Any other unique identifying number, characteristic or code, except the unique code assigned by the investigator to code the data