Be aware that per the Institutional Data Policy (https://cybersecurity.osu.edu/cybersecurity-osu/internal-policies-compliance/institutional-data-policy) that HIPAA-protected data is not permitted in BuckeyeMail, the email service provided by the university to students that is separate from Outlook provided to employees. Please see the Permitted Data Usage by Service document to see where and how you may use HIPAA data: https://cybersecurity.osu.edu/system/files/osuidp-coreservices_210503.pdf. The IDP Calculator also exists to help assist with determinations: https://cybersecurity.osu.edu/idp-calculator.
HIPAA is a complicated topic, and there are many caveats, but if you have any questions regarding whether or not you are working with PHI, or how you may appropriately handle and use PHI, please reach out to the college HIPAA Security Officer, Alex Vu, or the college HIPAA Privacy Officer, Cathy Beatty, and we would be happy to help you make a determination.