What is De-identified Data?
De-identified data is created by removing all 18 elements that could be used to identify the individual or the individual's relatives, employers, or household members; these elements are enumerated in the Privacy Rule. The covered entity also must have no actual knowledge that the remaining information could be used alone or in combination with other information to identify the individual who is the subject of the information. De-identified health information, as described in the Privacy Rule, is not PHI, and thus is not protected by the Privacy Rule however it could be subject to contractual requirements. Requests to store additional data types within scope of HIPAA should be sent to ITSP for review prior to uploading to Box Enterprise.