HIPAA regulations allow researchers to access and use protected health information when necessary to conduct research. However, HIPAA only affects research that uses, creates, or discloses protected health information that will be entered in to the medical record or will be used for healthcare services, such as treatment, payment or operations.
Under the US Health Insurance Portability and Accountability Act (HIPAA), there are 18 identifiers linked to protected health information that must be treated with special care. They are as follows:
- Names
- All geographical identifiers smaller than a state
- Dates (other than year) directly related to an individual
- Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health insurance beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers;
- Device identifiers and serial numbers;
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
