# Recognising personal data in healthcare projects

In healthcare projects, personal data could include:

* Socio-economic data, such as household income, and ages and education levels of each household member. 
* Electronic health records, such as individual episodes of care including doctor visits, prescriptions supplied, or hospital or day care surgeries. 
* Health and wellness tracking from mobile phones, digital watches and other wearable technologies that measure, for example, heart rate, levels of physical activity and sleeping patterns. 
* Mobile phone numbers, which often have associated geo-location that could identify an individual. 
* Information about employees working in healthcare systems, for example name, address and bank details.

![](https://598840926-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlEwI17OEvGRpPYrTqO%2Fuploads%2F5URgCmQKPu74fOz6D9dd%2Flocked.png?alt=media\&token=611d8850-36a8-43eb-ab65-70ec160b950b)

**Key actions to take:**

* Could the data in your project directly or indirectly identify individuals? If the answer is yes, refer to the section below on minimising risks. 
* Consider developing a [data protection impact assessment](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/) to keep a record of specific risks and mitigations. 
* Consider speaking to your data protection officer or seeking legal advice to confirm which data protection laws and regulations will need to be complied with.