...
This policy shall apply to health information that is generated during provisions of health care to patients in any of the University’s patient care units, patient care centers or faculty practices as well as Human Subjects research under the auspices of the University or by any of its agents in all RowanSOM Schools, Units, Departments and University owned or operated facilities.
IV. DEFINITIONS
“Protected “Protected Health Information (PHI)” means individually identifiable health information that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual or the past, present or future payment for the provision of health care to an individual and identifies or could reasonably be used to identify the individual. If a patient has been deceased for more than fifty (50) years, the PHI is no longer considered protected. This is not a record retention requirement and covered entities may destroy medical records according to the State or other applicable laws. When individually identifiable health information is created, received, maintained or transmitted by a Business Associate and tied to a covered entity is considered PHI.
Except as provided in paragraph (b) of this definition that is:
transmitted by electronic media
maintained in electronic media
transmitted or maintained in any other form or medium
Protected health information excludes individually identifiable health information in:
Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g
Records described at 20 U.S.C. 1232g(a)(4)(B)(iv)
Employment records held by a covered entity in its role as employer
...