Indiana University
IU School of Medicine
Maps & Directions  |  Make a Gift  |  Login

Skip Navigation Links
Overview
Career OpportunitiesExpand Career Opportunities
Faculty
Email List
Employee Access
Statistical Sites
TeachingExpand Teaching
Research AreasExpand Research Areas
PublicationsExpand Publications
Fee Schedule
Collaborator InfoExpand Collaborator Info
Technical Reports
Contact Info
Retrospective Analysis

Conducting Analyses on Retrospective Data when the Study has been Officially Closed

 

*See following paragraph for definition of PHI. Per HIPAA, work with a limited data set doesn't require IRB review; however, the Common Rule (i.e., the regulations the IRB lives by) still considers analysis of a limited dataset human subjects research subject to review by an IRB, so the procedures outline above are no different for a limited dataset.

What identifies Protected Health Information (PHI)? PHI is all individually identifiable health information transmitted or maintained by a covered entity, regardless of form – i.e. paper, electronic or verbal.Below is the list of 18 identifiers that must be removed in order for a dataset to be considered de-identified.**Refer to http://www.iupui.edu/%7Eresgrad/hipaa/glossary_011703.rtf for more definitions and details.

  • Names
  • Geographic designations smaller than a state including street address, city, county, precinct, zip codes and equivalent geocodes,(except for the initial 3 digits of a zip code if more than 20,000 people reside in the area)
  • Dates relating to the individual including birthdays (other than the year) and ages over 89
  • Telephone numbers
  • Fax numbers
  • E-mail addresses
  • Social Security number
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers, including license plates
  • Device identifiers
  • Universal resource locators (URLs)
  • Internet protocol (IP) address numbers
  • Biometric identifiers - finger and voice prints
  • Full face photographic images and comparable images
  • Any other unique identifying number, characteristic, or code

 

Note:  Other demographic information, such as gender, race, ethnicity, and marital status are not included in the list of identifiers that must be removed.

Information is presumed de-identified if all 18 identifiers are removed.

 

** An alternative way to designate a dataset as de-identified is if a person with appropriate knowledge and experience applying generally accepted statistical and scientific principles and methods for rendering information not individually identifiable makes a determination that the risk is very small that the information could be used, either by itself or in combination with other available information, by anticipated recipients to identify a subject of the information. 

 
Indiana University
IU | IUPUI | Disclaimer | Privacy Policy | Web Master
Copyright 2008, The Trustees of Indiana University | Copyright Complaints
Last Updated On: February 20, 2009
Division of Biostatistics | 410 West 10th Street, Suite 3000 | Indianapolis, IN 46202 | (317) 274-2661