Skip to Main Content

IRB for DNP Students

Health Insurance Portability and Accountability Act (HIPAA)

Does HIPAA apply to my study?

HIPAA rules apply to researchers who want to use personal health information for their studies.

Personal health information means the researcher can figure out who the person is from the data.

HIPAA covers certain types of organizations, called "covered entities":

  • Health insurance plans
  • Health care clearinghouses (they help process health information)
  • Health care providers who send health information electronically (like for billing)

Examples of covered entities include:

  • Hospitals
  • Academic medical centers
  • Doctors who send billing info electronically to insurance companies

Click through this link to access SHU IRB's HIPAA page with relevant forms and an FAQ.

Protected Health Information (PHI)?

What is Protected Health Information (PHI)?

It includes any health information that:

  • Can identify a person or could be used to figure out who they are.
  • Is made or received by a doctor, health plan, employer, or health information service.
  • Talks about a person’s physical or mental health—past, present, or future.
  • Is about the health care someone gets.
  • Is about payments made for someone’s health care.