Anonymized Data

Previously identifiable data (indirectly or individually identifiable) that have been de-identified and for which a code or other link no longer exists. An investigator has NO means for linking anonymized data back to a specific subject.

Anonymous Data

Data that were collected without identifiers and that were never linked to an individual. Coded data are not anonymous. See also de-identified data.

Coded

Data are separated from personal identifiers through use of a code. As long as a link exists, data are considered indirectly identifiable and not anonymous, anonymized or de-identified.

Common Rule

The Federal Policy for the Protection of Human Subjects or the “Common Rule” was published in 1991 and codified in separate regulations by 15 Federal departments and agencies. The Health and Human Services (HHS) regulations, 45 CFR Part 46, include four subparts:

  • subpart A, also known as the Federal Policy or the “Common Rule”;
  • subpart B, additional protections for pregnant women, human fetuses, and neonates;
  • subpart C, additional protections for prisoners; and
  • subpart D, additional protections for children.

See the HHS website for more information.


Confidentiality refers to the researcher’s plan to handle, manage and disseminate the participant’s identifiable private information. Researchers should only collect identifiable information when needed (see minimum necessary).

Investigators should ensure that information is not made available or disclosed to unauthorized individuals, entities or processes. Protection of confidentiality is an ethical standard of the health professions.


The voluntary agreement of an individual or their legally authorized representative (informed and competent) for participation in a study.

See IRB consent guidance for more information on the consent process and documentation of informed consent.

Covered Entity

Refers to three types of entities that must comply with the HIPAA Privacy Rule: health care providers; health plans; and health care clearinghouses. For purposes of the HIPAA Privacy Rule, health care providers include hospitals, physicians, and other caregivers, as well as researchers who provide health care and receive, access or generate individually identifiable health care information.

Data Use Agreement

An agreement between the investigator (recipient) and the covered entity that the investigator will protect the protected health information in a Limited Data Set and use it for the agreed upon purposes.

De-identified Data

A record in which identifying information is removed.

Under the HIPAA Privacy Rule, data are de-identified if either:

  1. an experienced expert determines that the risk that certain information could be used to identify an individual is "very small" and documents and justifies the determination, or
  2. the data do not include any of the 18 identifiers (of the individual or his/her relatives, household members, or employers) which could be used alone or in combination with other information to identify the subject. Note that even if these identifiers are removed, the Privacy Rule states that information will be considered identifiable if the covered entity knows that the identity of the person may still be determined.

Directly Identifiable

Any information that includes personal identifiers. To determine what data may be considered identifiable, please see items that must be removed under the HIPAA Privacy Rule's definition of de-identified.

Disclosure

The release, transfer, provision of access to, or divulging in any other manner of protected health information outside the entity holding the information. Requires a specific authorization under HIPAA except if disclosure is related to the provision of health care, payment or operations of the entity responsible for the PHI or under a limited set of other circumstances, as for public health purposes.

Health Information

Any information, whether oral or recorded in any form or medium, that: (1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

HIPAA

The Health Insurance Portability and Accountability Act of 1996. The HIPAA section of this site has more information.

Human Subject

According to 45 CFR Part 46, a human subject means a living individual about whom an investigator (whether professional or student) conducting research obtains

(1) Data through intervention or interaction with the individual, or
(2) Identifiable private information.


Indirectly Identifiable

Data that do not include personal identifiers, but link the identifying information to the data through use of a code. These data are still considered identifiable by the Common Rule. To determine what data may be considered identifiable, please see de-identified.

Individually Identifiable

Any information that includes personal identifiers (18 HIPAA Identifiers or any subset of health information that identifies the individual or can reasonably be used to identify the individual).

Institutional Review Board (IRB)

An IRB is chartered under the Common Rule to protect human research subjects. The IRB at UCSF also serves as the HIPAA Privacy Board.

Limited Data Set

A set of data in which most of the protected health information has been removed. The following identifiers of the individual or of the individual’s relatives, employers or household members must be removed:

1. Names;
2. Addresses, other than town or city, state, and zip code;
3. Telephone numbers;
4. Fax numbers;
5. Electronic mail addresses;
6. Social security numbers;
7. Medical record numbers;
8. Health plan beneficiary numbers;
9. Account numbers;
10. Certificate / license numbers;
11. Vehicle identifiers and serial numbers (including license plate numbers);
12. Device identifiers and serial numbers;
13. Web Universal Resource Locators (URLs);
14. Internet Protocol (IP) address numbers;
15. Biometric identifiers, including finger and voice prints; and
16. Full face photographic images and any comparable images.


See coded.

Minimal Risk

The probability and magnitude of harm or discomfort anticipated in the research are not greater in and of themselves than those ordinarily encountered in daily life or during the performance of routine physical or psychological examinations or tests.

Minimum Necessary

A HIPAA Privacy Rule standard requiring that when protected health information is used or disclosed, only the information that is needed for the immediate use or disclosure should be made available by the health care provider or other covered entity.

This standard does not apply to uses and disclosures for treatment purposes (so as not to interfere with treatment) or to uses and disclosures that an individual has authorized, among other limited exceptions. Justification regarding what constitutes the minimum necessary will be required in some situations (e.g., disclosures with a waiver of authorization and non-routine disclosures).

Need to Know

A security principle stating that a user should have access only to the data needed to perform a particular function.

Privacy concerns people, whereas confidentiality concerns data. Privacy refers to a person’s wish to control the access of others to themselves.

Privacy Rule

The HIPAA regulations that protect the privacy of health information.

Protected Health Information (PHI)

Protected health information (PHI) is any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment.

See the IRB's HIPAA guidance for more information about what is PHI and what is not PHI.

Here is the list of 18 identifiers under HIPAA:

  1. Names;
  2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
  4. Phone numbers;
  5. Fax numbers;
  6. Electronic mail addresses;
  7. Social Security numbers;
  8. Medical record numbers;
  9. Health plan beneficiary numbers;
  10. Account numbers;
  11. Certificate/license numbers;
  12. Vehicle identifiers and serial numbers, including license plate numbers;
  13. Device identifiers and serial numbers;
  14. Web Universal Resource Locators (URLs);
  15. Internet Protocol (IP) address numbers;
  16. Biometric identifiers, including finger and voice prints;
  17. Full face photographic images and any comparable images; and
  18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data).

Research

A systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalizable knowledge.