We are required to safeguard confidential information that is protected by law or policy and use the term Restricted Information as the umbrella term for all the different kinds of confidential information. See the FAQ below for more information on specific kinds of Restricted Information and their definitions.
Restricted Information (as defined by UC Policy IS-3, Electronic Information Security) describes any confidential or Personal Information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit. This includes Personal Information, PHI and ePHI as defined below but could also include other types of information such as intellectual property, proprietary information, research protocols, research results, study subject identifiable information, student information, animal research information, passwords, and other confidential information that could damage the reputation of the institution. Click on the link below to download a summary of all the different types of Restricted Information. Restricted Information Definitions
Protected health information or PHI is any individually identifiable health information, in any format, including verbal communications. “Individually identifiable” means that the health or medical information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the patient’s name, address, electronic mail address, telephone number, or social security number, or other information that, alone or in combination with other publicly available information, reveals the individual’s identity. PHI includes patient billing and health insurance information and applies to a patient’s past, current or future physical or mental health or treatment.
Electronic Protected Health Information or ePHI is PHI that is transmitted by electronic media or is maintained in electronic media. For example, ePHI includes all data that may be transmitted over the Internet, or stored on a computer, a CD, a disk, magnetic tape or other media.
“Medical information” means any information, in either electronic or physical form, regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, and which may be in the possession of or derived from a health care provider, health care service plan, pharmaceutical company or contractor. “Health insurance information” means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. Medical information and health insurance information for patients are also considered to be PHI.