Protected Health Information (PHI) Data Plan

1. Project Overview

Project Title Principal Investigator / Project Lead Project Description

2. PHI Data Description

Type(s) of PHI To Be Collected or Used Source(s) of PHI

3. Data Access & Handling

Who will have access to the PHI? How will PHI be transmitted? How will PHI be stored?

4. Data Security Measures

• Describe physical security controls
• Describe electronic security (encryption, access controls, etc.)
• Describe backup and recovery plans

5. Data Sharing & Disclosure

With whom will PHI be shared (if anyone)? Procedures for data sharing and agreements

6. Data Retention & Disposal

Retention period for PHI Data destruction/disposal procedures

7. Regulatory & Compliance

• HIPAA compliance details
• IRB approval details
• Other regulatory requirements