Skip to main content
Sign In

How to Handle Protected Health Information (PHI)

General Policy

Information pertaining to specific individuals is protected by Health Insurance Portability and Accountability Act (HIPAA). Data that is protected in this context should be treated carefully. If data has any of the identifying characteristics elaborated on below, special issues may arise with transferring data and the permissions of the analyst to view and/or store the data. Please discuss de-identification options with your biostatistician to mitigate these issues.

PHI Definitions (COMIRB guidelines)

Protected health information (PHI) is any data which, when combined with one or more data elements or commonly available information, could be used to identify a person. PHI does not include de-identified information which does not identify an individual and for which there is no reasonable basis to believe that information could be used to identify an individual.

Information which may be protected includes, but is certainly not limited to:
  • Name
  • Postal address (to a location smaller than state)
  • All elements of dates, except year (For dates directly related to an individual including birth date, admission date, discharge date, and date of death. As well as ages greater than 89 aggregated to 90 and older.)
  • Phone/Fax Number
  • Email addresses
  • Social Security Number
  • Medical Record Number
  • Health plan number
  • Account numbers
  • Certificate/license numbers
  • URL addresses
  • IP addresses
  • Vehicle identifiers
  • Device ID
  • Biometric ID
  • Full face (or other identifying photo)
  • Any other unique identifying number, characteristic, or code

It should be noted that HIPAA regulations also apply to deceased individuals.

Center for Innovative Design & Analysis (CIDA)

Formerly known as the Colorado Biostatistics Consortium (CBC)
13001 17th Place | Mail Stop B119 | Room 100, Building 406 | Aurora, CO 80045
303.724.2325 |

Biostatistics Consulting | Grant Collaboration | Department of Biostatistics and Informatics | BERD | BBSR | ColoradoSPH

© The Regents of the University of Colorado, a body corporate. All rights reserved.

Accredited by the Higher Learning Commission. All trademarks are registered property of the University. Used by permission only.