A limited data set is a data set that is deprived of certain direct identifiers indicated in the data protection rule. A limited set of data can only be transmitted to an external provider without a patient`s permission if the purpose of disclosure is for research, health or health purposes and if the person or entity receiving the information signs a data use agreement (AEA) with the company or its counterpart. prohibit the recipient from using or disclosing the information unless the agreement permits or otherwise allows it; If a Stanford researcher is the recipient of a limited set of data from a non-Stanford source, the Stanford researcher may be asked to sign the other party`s AAU. In this case, the Stanford researcher should consult with the relevant contract office to determine whether, materially, he is in agreement with the Stanford AAU. · Achieving the agreement required a common vision, final research, true trust, real guidance, fierce patience, abundant investment, iterative development, selfless cooperation, careful coordination and fidelity to a common language: data. If Stanford is the provider of a limited data set, Stanford requires that an AEA be signed to ensure that the appropriate provisions to protect the limited data set are in place. Here are the contacts for different types of research: A DUA must be entered before the use or disclosure of a data set limited to an institution or external party. No, information about „limited data sets“ is not covered by THE HIPAA accounting of advertising obligations. DHHS considered that the privacy protection of individuals with respect to PHIs, which are disclosed in a „limited data set,“ can be properly protected by a single AAU. Limited records may contain only the following identifiers: A Data Use Agreement (AEA) is an agreement that is required and must be entered into in accordance with the data protection rule before a limited data set (defined below) is used or disclosed to an external institution or external party. A limited set of data remains health information (PHI) and that`s why covered companies, such as Stanford, must enter into a data usage agreement with each recipient of a limited set of Stanford data. Yes, you need both a DATA Use Agreement (DUA) and a Business Associate Agreement (BAA) because the covered entity (Stanford University Affiliated Covered Entity) provides the PHI recipient, which may contain direct or indirect identifiers.
For this reason, a BAA may be required before disclosing direct identifiers to the recipient outside of Stanford.