Research that Involves access to Protected Health Information (PHI) | Office of Research Compliance | Kent State University

Research that Involves access to Protected Health Information (PHI)

  • What is PHI?
    • PHI is individually identifiable health information held or transmitted by a covered entity or its business associates, in any form or media, whether electronic, paper, or oral. More information can be found on the Health and Human Services website.
  • What is the Health Insurance Portability and Accountability Act (HIPAA)?
    • HIPAA has three components, all of which are enforced by the federal Office for Civil Rights:
      • HIPAA Privacy Rule: protects the privacy of individual identifiable health information.
      • HIPAA Breach Notification Rule: requires covered entities and business associates to provide notification following a breach of unsecured PHI.
      • HIPAA Security Rule: sets standards for the security of electronic PHI.
  • How do I know if I am affected by the HIPAA privacy rule?
    • The HIPAA privacy rule affects research and researchers when:
      • Research requires access to and/or use of PHI that is created or maintained by covered entities, or
      • A covered entity component of KSU performs research that creates or generates PHI.
  • What should I do if my research involves access to PHI?