Protected Health Information (PHI) is individually identifiable health information that is created, used, or disclosed by covered entities or their business associates under HIPAA.
PHI includes identifiers linked to medical records, diagnoses, lab results, treatment dates, and other health-related data that can identify a person. In research, PHI handling requires defined access controls, minimum necessary use, secure storage, and appropriate authorization or waiver documentation. IRBs evaluate how PHI will be accessed, disclosed, and protected across study workflows and vendors. Strong PHI governance reduces privacy risk and supports compliant data use.