Protected Information Policy

Depositors are responsible for ensuring that the submission is free from personally identifiable information such as individually identifiable health information (PHI), information that can be used to distinguish or trace an individual’s identity (PII), or student education records. By submitting material to this repository, the depositor acknowledges that the work is in compliance with laws and guidelines defined by the author’s program sponsors, sponsoring organization and relevant governing boards. Discovery of Protected Information within a deposit will result in immediate withdrawal from the Archive. See the Terms of Deposit for more information.

PHI Definition and Data Elements

The HIPAA Privacy Rule defines PHI and PYI data elements as "Individually identifiable health information," including demographic data, that relates to:

  • the individual’s past, present or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,
  • the individual's identity or for which there is a reasonable basis to believe it can be used to identify the individual.

Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

PII Definition and Data Elements

Per the Executive Office of the President, Office of Management and Budget (OMB) and the U.S. Department of Commerce, Office of the Chief Information Officer:

"The term “personally identifiable information” refers to information which can be used to distinguish or trace an individual's identity, such as their name, Social Security Number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc."

FERPA Definition and Data Elements

The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children's education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student. The FERPA statute is found at 20 U.S.C. § 1232g and the FERPA regulations are found at 34 CFR Part 99.