PHI High-Risk Data Approved Technologies (Public)

Owned by Amanda Griffith
Last updated: Jan 27, 2023 by Cassandra Rinker
2 min read

Protected Health Information is data that WVU considers Sensitive Data under the Sensitive Data Policy, therefore it is classified as High-Risk Data. Protected Health Information is individually identifiable health information held or transmitted by a University covered entity (“University Health Care Component”) in any form or media, whether electronic, paper, or oral. UHCCs must secure coded data as High-Risk data.

Important things to remember about Protected Health Information:

  • Limited Data Sets are considered PHI and are subject to data protections under HIPAA.

  • Personal devices may not be used by any research team member to conduct University activities that use PHI. The Sensitive Data Protection Standard strictly prohibits the use of personal devices to access or transmit Sensitive Data.

  • Voicemail and University email should never be used to transmit or collect patient/participant informed consent.

  • Voicemails should never be forwarded to email to prevent accidental transmission of PHI.

  • A Secure Fax means the receiving fax machine is in a secure location only accessible by authorized individuals, a cover sheet accompanies the transmission clearly indicating the recipient, and the recipient has been alerted to the transmission and is able to receive it.

  • Chat software, email, and texts cannot be used to communicate with participants during a research project conducted by University Health Care Components where clinical health/medical records and other health information are used for the research unless prior approval has been granted.

  • Faxing or scanning documents that include PHI to email is not permitted.

  • Physical PHI must always be stored and transported securely.

  • Pursuant to the University Electronic Mail Policy, personal email must never be used to conduct University activities.

  • The definitions of Data Collection, Data Sharing, Data Transmission, and Data Storage can be found on the Approved Technologies for Research main article.

Icon Key: Approved Not Permitted Not Applicable

PRODUCT/METHOD

DATA COLLECTION

DATA SHARING

DATA TRANSMISSION

DATA STORAGE

In person via paper

Secure Fax

Paper via mail (e.g., USPS, FedEx, UPS)

Personal email

Personal phone

Faculty/staff personal device

Student personal device

Jabber

WVU Telephone

WVU Voicemail

Teams Chat/SharePoint

WVU O365 Email

OneDrive/SharePoint

MIX Email

WVU Google Drive

WVU Personal Drive (e.g., J:)

WVU Network Drive (Common or Secure)

Qualtrics

FaceTime

WVU Zoom^

LiquidFiles

eCampus#

CloudResearch*

Cint*

Prolific*

Mturk*

Jumo%

SAS%

SPSS%

NVivo%

Atlas%

TranscribeMe^

with HSC approval

Rev.com^

Health Sciences Center-specific technologies

HSC O365 Email

HSC Teams Chat/SharePoint

HSC OneDrive

HSC SharePoint

with HSC approval

HSC Qualtrics

REDCap

HSC Zoom^

HSC NextCloud

HSC Globus

HSC sFTP

SOLE#

HSC Secure Research Environment (HSC VDI, secure network drive with DLP)

HSC Network Drive

Forte (OnCore/eReg)

SOD patient access portal

^Product is approved to be used for transcription services.

#Product is only approved for collection of data from and sharing data with WVU students or faculty for academic purposes.

*Product is approved to collect data and pay human subject research participants. Additional approvals are required from WVU Procurement to use products for participant payment.

%Product is approved for data analytics use.

Applications/software (e.g., Skype, Box, Dropbox, Survey Monkey, and Wufoo) that have not been approved by the University should never be used to interact with patients/study participants. If a product is required for research and is not listed here, complete an IT Purchase Request. Review and approvals of such requests could cause delays. Please plan accordingly.