> For the complete documentation index, see [llms.txt](https://open-data-institute.gitbook.io/data-governance-playbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://open-data-institute.gitbook.io/data-governance-playbook/play-eight-managing-risks-when-handling-personal-data/recognising-personal-data-in-healthcare-projects.md).

# Recognising personal data in healthcare projects

In healthcare projects, personal data could include:

* Socio-economic data, such as household income, and ages and education levels of each household member.&#x20;
* Electronic health records, such as individual episodes of care including doctor visits, prescriptions supplied, or hospital or day care surgeries.&#x20;
* Health and wellness tracking from mobile phones, digital watches and other wearable technologies that measure, for example, heart rate, levels of physical activity and sleeping patterns.&#x20;
* Mobile phone numbers, which often have associated geo-location that could identify an individual.&#x20;
* Information about employees working in healthcare systems, for example name, address and bank details.

![](/files/SLotCMfkmV0vhBp8lEcm)

**Key actions to take:**

* Could the data in your project directly or indirectly identify individuals? If the answer is yes, refer to the section below on minimising risks.&#x20;
* Consider developing a [data protection impact assessment](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/) to keep a record of specific risks and mitigations.&#x20;
* Consider speaking to your data protection officer or seeking legal advice to confirm which data protection laws and regulations will need to be complied with.
