Data Use Agreement For Limited Data Set

A covered business (for example. B Stanford) can use a member of its own staff to create a “limited dataset.” On the other hand, the recipient can also establish a “limited data set” as long as the person or entity acts as a counterparty to the company concerned. Disclosure of a “limited set of data” is not subject to HIPAA`s tracking/accounting requirements. The rationale appears to be that the minor increase in privacy that such an accounting would provide is offset by its expenses. DHHS considered that the privacy of individuals with respect to PHIs, which are disclosed in a “limited set of data,” can be properly protected by a signed data usage agreement. Defining authorized uses and disclosing the limited set of data; Clause 164.512 of the data protection rule also defines the specific uses of PHI and the disclosures that a covered company may make for searches without authorization, waiver or modification of the data authorization or agreement. These limited activities are the use or disclosure of the research preparation PHI and the use or disclosure of PHI with respect to search fraudsters. The data protection rule allows a seized company to identify the data by removing all 18 items that could be used to identify the person`s person or parents, employers or members of the person`s household; These items are listed in the privacy rule. The company concerned should also not be aware that the remaining information could be used, either alone or in combination with other information, to identify the person being the subject of the information. This method must consist of removing the following identifiers: in order for a data set to be considered a limited set of data, all the following direct identifiers, relating to the person or their parents, the employer or members of the household, must be deleted: if the unit concerned uses the alternative accounting method, it must, when requested by the person, help the person to contact the research organization and the researcher.

However, this support is limited to situations where there is a sufficient likelihood that the PPH was actually disclosed to the individual for the research protocol or research activities. Since a “limited data set” is still PHI, data protection rules provide that individuals` privacy is protected by requiring the relevant authorities (Hopkins) to enter into data use agreements with recipients of “limited data sets.” The data use agreement must be in line with the standards set by the data protection policy. An agreement on the use of the data must be: if a Stanford researcher is the recipient of a limited set of data from a non-Stanford source, the Stanford researcher may be invited to sign the other party`s AEA.

Comments are closed.