What is HIPAA?
Health Insurance Portability and Accountability Act (HIPAA) is a complex regulation that may affect researchers at the University of Maine. HIPAA is designed to protect the use and disclosure of individually identifiable health information (also defined as Protected Health Information or PHI). PHI is defined as any of the 18 HIPAA recognized identifiers) in combination with health information.
HIPAA Recognized Identifiers
- Names
- All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes
- All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code
HIPAA at University of Maine
At this time, the Cutler Health Center is the only health care component covered by the HIPAA regulations; however, if a researcher collaborates with a hospital, doctor, etc., the regulations apply.
- University of Maine System (UMS) HIPAA Policies and Forms
- UMS HIPAA Policy #25: Uses and Disclosures for Research Purposes (PDF)
Please email us at umric@maine.edu if you have questions. We will be in contact with University Counsel for advice on all studies that are subject to the Privacy Rule.