Protected health information
Protected health information (PHI) is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient's medical record or payment history.
PHI is often sought out in datasets for de-identification before researchers share the dataset publicly. When researchers remove PHI from a dataset they do so in an attempt to preserve privacy for research participants.
United States
Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that can be linked to an individual through any of the following 18 identifiers must be treated with special care:[1]
- Names
- All geographical identifiers smaller than a state
- Dates (other than year) directly related to an individual
- Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health insurance beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
De-identification versus anonymization
Anonymization occurs when all PHI elements are eliminated without the possibility of going back to the original data set. De-identification occurs when a link to the original, fully identified data set remains and is kept by an honest broker. Some elements require special care when de-identifying or anonymizing a data set:
- Identification numbers such as medical record numbers have to be converted using an algorithm that converts digits and letters using a random seed. In that way, the algorithm and the seed together offer double protection for the conversion.
- Dates have to be converted to an interval, usually setting an important date, e.g., day of first treatment, and then setting the remaining dates as intervals from that date, positive or negative
- Age over 90 years has to be set to a single value
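The three conversions listed above, sketched as an added example that is not part of the original article. It assumes HMAC-SHA256 as the seeded conversion algorithm, 90 as the single value for ages over 90, and constructed sample records with hypothetical field names.

```python
import hashlib
import hmac
import secrets
from datetime import date

AGE_CAP = 90  # assumption: the single value reported for every age over 90

# Constructed sample records; the field names are hypothetical.
SAMPLE_RECORDS = [
    {"mrn": "MRN-0012345", "age": 94, "first_treatment": date(2011, 3, 14),
     "events": {"diagnosis": date(2011, 3, 1), "discharge": date(2011, 4, 2)}},
    {"mrn": "MRN-0067890", "age": 57, "first_treatment": date(2010, 11, 30),
     "events": {"diagnosis": date(2010, 11, 30), "discharge": date(2010, 12, 9)}},
]


def pseudonymize_id(identifier: str, seed: bytes) -> str:
    """Convert an identifier with a seeded algorithm (HMAC-SHA256, an assumed choice)."""
    digest = hmac.new(seed, identifier.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:16].upper()


def deidentify(records, seed, anchor_field="first_treatment"):
    """Return (de-identified rows, link table that stays with the honest broker)."""
    rows, link_table = [], {}
    for rec in records:
        code = pseudonymize_id(rec["mrn"], seed)
        # A truncated digest can collide; refuse to merge two patients silently.
        if link_table.setdefault(code, rec["mrn"]) != rec["mrn"]:
            raise ValueError("pseudonym collision; use a longer code")
        anchor = rec[anchor_field]
        rows.append({
            "code": code,
            # Dates become signed day intervals from the anchor date,
            # and the anchor date itself is not released.
            "event_days": {k: (d - anchor).days for k, d in rec["events"].items()},
            "age": AGE_CAP if rec["age"] > AGE_CAP else rec["age"],
        })
    return rows, link_table


if __name__ == "__main__":
    seed = secrets.token_bytes(32)  # random seed, stored only by the honest broker
    released, links = deidentify(SAMPLE_RECORDS, seed)
    for row in released:
        print(row)
```

Discarding both the seed and the link table removes the path back to the original data set, which is the distinction the section draws between de-identification and anonymization.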
References
- [1] "De-identification". ucdmc.ucdavis.edu. 2011. http://www.ucdmc.ucdavis.edu/compliance/guidance/privacy/deident.html. Retrieved 9 December 2011.
Further reading
- Full text of the Health Insurance Portability and Accountability Act (PDF/TXT) U.S. Government Printing Office
- What does PHI include?