What is a HIPAA Limited Data Set and Why is it Important?

Technology makes accessing and using medical data easier than ever, but it can also increase the potential exposure of that data if not safeguarded properly. HIPAA rules provide a very specific framework for how data is collected, stored, and used.

HIPAA was put in place to protect patients' personal health records, but data can still be shared under specific circumstances. These circumstances come with their own set of rules, governed by a HIPAA limited data set data use agreement, to maintain patient privacy while making data available for researchers.

What Is A Limited Data Set Under HIPAA?

A limited data set, as defined under HIPAA, is any set of identifiable healthcare data that can be shared with certain third parties without obtaining prior authorization from patients. This applies only to certain data under certain conditions, such as research, public health uses, or healthcare operations.

Healthcare providers must take significant steps to protect people’s identities. There are 16 elements that HIPAA laws require to be removed from limited data sets, including any information that may make a patient's medical records personally identifiable.

Removal Required under HIPAA Limited Data Set and Data Use Agreements

  1. Names
  2. Identifiable postal address information (other than town, city, state, or zip)
  3. Phone numbers
  4. Fax numbers
  5. Email addresses
  6. Social Security numbers
  7. Medical record numbers
  8. Account numbers
  9. Certificate or license numbers
  10. Health plan beneficiary numbers
  11. Vehicle IDs or license plates
  12. Device identifiers or serial numbers
  13. Website URLs
  14. IP addresses
  15. Biometric identifiers, such as fingerprints or voice prints
  16. Full-face photo images

As Protected Health Information (PHI), a limited data set has slightly less stringent requirements than de-identified data, which is not considered PHI. In addition to the above criteria, data in de-identified data sets also needs to be stripped of geographic information smaller than a state (such as a town, city, state, or zip code) and date references directly related to an individual (such as birth date, admission date, discharge date, or date of death).

What Is A HIPAA Limited Data Set Data Use Agreement?

Since the prepared data is still not 100 percent anonymous, the data sets can only be shared under a HIPAA limited data set data use agreement.

When it comes to identifying what is a limited data set under HIPAA, the HIPAA limited data set data use agreement details specific uses. It holds researchers or other recipients accountable for making sure the data is only used for these purposes and will not be disclosed.

HIPAA Limited Data Set Data Use Agreement Terms

  • Use of health information will be limited to the stated purpose
  • Protected health information will not be removed
  • Protected health information being requested is necessary for the stated purpose

Any subcontractors that would have access to the data must also agree to these terms. The agreement also prevents data users from trying to match the data to actual patients.

Why Is A Limited Data Set Important Under HIPAA?

A limited data set under HIPAA is important in order to protect an individual’s identity from being linked to their medical records. For healthcare providers, the penalties for failing to comply with HIPAA can be severe and expensive.

Is Your Business Communication System HIPAA Compliant?

Your business phone services and communication channels need to be HIPAA compliant. In today’s connected world, data can be accessed and shared in a variety of ways. Collaborating via chat, web conferencing, text, video, voice, and document sharing are now common in healthcare organizations, which allows doctors and technicians to collaborate remotely and connects staff anywhere. This also creates its own set of concerns as electronic communications are vulnerable to data leakage and hacking.

Here are two key questions you need to ask about your communication systems, including mobile devices:

  • Are your systems secure?
  • Will you be protected from HIPAA privacy violation claims?

8x8 Is Secure, Reliable, And HIPAA Compliant

When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out our form online to request a no-obligation quote from an 8x8 Product Specialist.
