Is coded information identifiable according to the Privacy rule?

The Privacy Rule considers coded information to be de-identified if 18 specific identifiers are coded and the individual cannot reasonably be identified. The Privacy Rule does consider the code itself to be identifiable and hence, protected health information. Note, the Common Rule, in contrast to the Privacy rule, considers coded information to be identifiable. So while access to the coded information alone is not covered by the Privacy rule it is covered by the common rule and requires IRB review.

FAQ Topic: