Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

What is protected health information (PHI)?

According to the US Department of Health and Human Services, protected health information (PHI) is "any individually identifiable information whether oral or recorded in any form or medium" that:

  • is created, or received by a health care provider, health plan or health care clearing house (aka Covered Entity); and
  • relates to past, present, or future physical or mental health conditions of an individual; the provision of health care to the individual; or past, present, or future payment for health care to an individual.

Data are "individually identifiable" if they include any of the 18 types of identifiers for an individual or for the individual's employer or family member, or if the provider or researcher is aware that the information could be used, either alone or in combination with other information, to identify an individual. These identifiers are:

  • Name
  • Address (all geographic subdivisions smaller than state, including street address, city, county, or ZIP code)
  • All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
  • Telephone numbers
  • FAX number
  • Email address
  • Social Security number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate/license number
  • Any vehicle or other device serial number
  • Device identifiers or serial numbers
  • Web URL
  • IP address
  • Finger or voice prints
  • Photographic images
  • Any other unique identifying number, characteristic, or code

All protected health information is subject to federal Health Insurance Portability and Accountability Act (HIPAA) regulation.

Electronic protected health information (ePHI)

Electronic protected health information (ePHI) is any protected health information (PHI) that is created, stored, transmitted, or received electronically.

Electronic protected health information includes any medium used to store, transmit, or receive PHI electronically. The following and any future technologies used for accessing, transmitting, or receiving PHI electronically are covered by the HIPAA Security Rule:

  • Media containing data at rest (storage)

    • Personal computers with internal hard drives used at work, home, or traveling
    • External portable hard drives, including iPods and similar devices
    • Magnetic tape
    • Removable storage devices, such as USB memory sticks, CDs, DVDs, and floppy disks
    • PDAs and smartphones

  • Data in transit, via wireless, Ethernet, modem, DSL, or cable network connections

    • Email
    • File transfer
This is document ayyz in domains all and xsede-all.
Last modified on January 10, 2013.

I need help with a computing problem

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.



Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

I have a comment for the Knowledge Base

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.