HIPAA Compliance
At Purdue
Purdue University
RCHE-Health Outcomes and Policy Research Center
Designated Record Set
The HIPAA privacy rule requires privacy and security safeguards for protected health
information as defined in a designated record set. Purdue’s RCHE-Health Outcomes and Policy
Research Center has defined the designated record set for the department in this document.
DEFINITIONS:
Protected Health Information (PHI) has been defined to mean all individually identifiable health
information that is a subset of health information, including demographic information collected
from an individual, and:
(1) Is created or received by a covered health care provider, health plan, employer, or health care
clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual;
the provision of health care to an individual; or the past, present, or future payment for the
provision of health care to an individual; and
(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be
used to identify the individual.
DESIGNATED RECORD SET
The Designated Record Set for Purdue’s RCHE-Health Outcomes and Policy Research Center
contains individually identifiable data, in any medium, accessed or maintained by the
department. The content may be in multiple locations and media, including paper and electronic
form.
1. The Designated Record Set includes, but is not limited to:
 Health risk assessment and coaching data from the Healthy Purdue Initiative, claims data,
long and short-term disability information, worker’s compensation claims, and
absenteeism data is used by the RCHE staff to provide support for research. RCHE staff
conduct file maintenance activities and file extracts for researchers,
 Downloaded data that includes PHI in a limited data set or other identifiable form for use
in research or workflow analysis projects.
Page 1 of 1
Last Revision 12/8/2015