According to the HIPAA Administrative Simplification Regulation Text1 The Privacy Rule regulates the way certain health care groups, organizations, or businesses, called covered entities under the Rule, handle the individually identifiable health information known as protected health information (PHI). Researchers should be aware of the Privacy Rule because it establishes the conditions under which covered entities can use or disclose PHI for many purposes, including for research. Although not all researchers will have to comply with the Privacy Rule, the manner in which the Rule protects PHI could affect certain aspects of research. Here you will find the 18 items designated as PHI Identifiers: 1. Names 2. All geographic subdivisions smaller than a state, including street address, city, county, ZIP Code, and their equivalent geographical codes, except for the initial three digits of a ZIP Code if, according to the current publicly available data from the Bureau of the Census. 3. Dates. All elements of dates (except year) including birth date, admission date, discharge date, date of death, unless individual is >89 yrs. 4. Telephone numbers 5. Fax numbers 6. E-mail addresses 7. Social security numbers 8. Medical record numbers 9. Health plan beneficiary numbers 10. Account numbers 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers, including license plate numbers 13. Device identifiers and serial numbers, including license plate numbers 14. Web universal resource locators (URLs) 15. Internet protocol (IP) address numbers 16. Biometric identifiers, including fingerprints and voice prints 17. Full-face photographic images and any comparable images 18. Any other unique identifying number, characteristic, or code, uness otherwise permitted by the Privacy Rule for re-identification |