The federal Health Insurance Portability and Accountability Act (HIPAA) governs the protection of health information maintained as part of the University's health plans or collected / used as part of a University-sponsored research project.

How It Applies

HIPAA rules cover any individually identifiable demographic information created or received by a health care provider, health plan, or clearing house. Anyone conducting human-subject research or administering University health plans must be aware of the policies governing the protection and disclosure of individuals' health information. 

Protected Health Information

Protected information includes:

  • Information related to payment for health care
  • Information about health conditions, health services received, or services that may be received in the future

Specifically, HIPAA outlines 18 categories of protected information. This information is classified as Restricted, and is subject to state and federal privacy and security rules. It includes names, social security numbers, medical record numbers, and other personally identifiable information. (See the HIPAA website for details.)

Report a Concern

  • Think Princeton information may have been compromised? Contact the Help Desk immediately at 258-HELP.
  • Have a legal or ethical concern about a research project? Review the reporting protocol set forth by the Office of Research Integrity and Assurance.

Learn More: