HIPAA (Privacy Rule) regulates the use and transmission of personal health information (PHI).
HIPAA aims to maintain greater privacy of medical records. PHI is health information transmitted or maintained in any form or medium that:
- identifies or could be used to identify an individual; and
- is created or received by a healthcare provider, health plan, employer or healthcare clearinghouse; and
- relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of healthcare to an individual.
Since UT Austin does not have a medical school (thus, usually not generating PHI) the majority of UT Austin research intersecting with HIPAA involves the transmission of protected medical data. Medical data obtained directly from the research subject does not fall under HIPAA's purview.