What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a complex regulation that may affect researchers at the University of Maine. HIPAA is designed to protect the use and disclosure of individually identifiable health information (also defined as Protected Health Information or PHI). PHI is defined as any of the 18 HIPAA recognized identifiers in combination with health information.

HIPAA recognized identifiers

  1. Names;
  2. All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes;
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death;
  4. Telephone numbers;
  5. Fax numbers;
  6. Electronic mail addresses;
  7. Social security numbers;
  8. Medical record numbers;
  9. Health plan beneficiary numbers;
  10. Account numbers;
  11. Certificate/license numbers;
  12. Vehicle identifiers and serial numbers, including license plate numbers;
  13. Device identifiers and serial numbers;
  14. Web Universal Resource Locators (URLs);
  15. Internet Protocol (IP) address numbers;
  16. Biometric identifiers, including finger and voice prints;
  17. Full face photographic images and any comparable images;
  18. Any other unique identifying number, characteristic, or code.

At this time, the Cutler Health Center is the only health care component covered by the HIPAA regulations; however, if a researcher collaborates with a hospital, doctor, etc., the regulations apply. See the UMS HIPAA General Operating Policies and Forms and HIPAA General Operating Policy #25, USES AND DISCLOSURES FOR RESEARCH PURPOSES (PDF).

Please email us at umric@maine.edu if you have questions. We will be in contact with University Counsel for advice on all studies that are subject to the Privacy Rule.