About protected health information (PHI) data elements in the classifications of institutional data

At Indiana University, Classification levels of institutional data are defined in IU's Management of Institutional Data (DM-01). The following table lists institutional data elements that do or may constitute protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Depending on the context, Critical data elements may or may not constitute PHI. Institutional data elements not appearing in the table below are not PHI. For questions or more information, contact the University HIPAA Privacy Officer (hipaa@iu.edu).

Note:
While this document refers to PHI, which also includes written and oral information, the only type of PHI that is stored and analyzed on UITS computer systems is electronic PHI (ePHI).
Data element Classification Does it constitute PHI?
Health information - Fax numbers
Critical PHI
Health information - Email address
Critical PHI
Health information - Medical record numbers
Critical PHI
Health information - Health plan beneficiary numbers
Critical PHI
Health information - Account numbers
Critical PHI
Health information - Certificate/license numbers
Critical PHI
Health information - Device identifiers
Critical PHI
Health information - URLs, IP addresses
Critical PHI
Health information - Biometric identifiers
Critical PHI
Health information - Full face photographic images
Critical PHI
Health information - Any other unique identifier
Critical PHI
Health information - Telephone numbers
Critical PHI
Health information - Names Critical PHI
Social Security number Critical
PHI if it satisfies this definition
Driver's license number Critical
PHI if it satisfies this definition
Passport number Critical
PHI if it satisfies this definition
Visa number Critical
PHI if it satisfies this definition
State identification card number
Critical
PHI if it satisfies this definition
Certificate/license number Critical
PHI if it satisfies this definition
All payment card data (including all credit/debit cards and cardholder information)
Critical
PHI if it satisfies this definition
Debit card number Critical
PHI if it satisfies this definition
Bank account number or other financial account numbers
Critical
PHI if it satisfies this definition
Health information Critical
PHI if it satisfies this definition; not PHI if de-identified
Health information - Geographic information smaller than a state
Critical PHI
Date of birth/age Restricted
PHI if it satisfies this definition
Emergency contact Restricted
PHI if it satisfies this definition
Home mailing address Restricted
PHI if it satisfies this definition
Home phone Restricted
PHI if it satisfies this definition
Visa status Restricted
PHI if it satisfies this definition
Country of birth or citizenship
Restricted
PHI if it satisfies this definition
Work authorization (I-9) Restricted
PHI if it satisfies this definition
Job action reason (for example, terminations or leave)
Restricted
PHI if it satisfies this definition
Benefits enrollment info Restricted
PHI if it satisfies this definition
Payroll information (for example, taxes, deductions, etc.)
Restricted
PHI if it satisfies this definition
Marital status Restricted
PHI if it satisfies this definition
Examples: IU University ID, preferred name/prior name, position information, part-time/full-time indicator
University-internal
PHI if it satisfies this definition
Dates of first and last employment
Public
PHI if it satisfies this definition
Name Public
PHI if it satisfies this definition
Compensation Public
PHI if it satisfies this definition
Job title Public
PHI if it satisfies this definition
Job description Public
PHI if it satisfies this definition
Business address Public
PHI if it satisfies this definition
Business telephone number Public
PHI if it satisfies this definition
Previous work experience Public
PHI if it satisfies this definition
Education and training background
Public
PHI if it satisfies this definition

This is document bdtx in the Knowledge Base.
Last modified on 2023-02-02 12:40:35.