This provides a “middle of the road” option for researchers, allowing you to use/disclose at least some individually identifiable information for research purposes (for example, to send to sponsors). A limited dataset will also allow you to disclose information to disease registries or studies operated by private organizations.
The key thing to remember with a limited dataset is that the recipient of this information will have to sign a data use agreement. The “minimum necessary” rules also apply to this type of dataset. Identifiers that must be removed from a limited dataset include the following:
• Name
• Street address or box number
• Telephone and fax numbers
• Vehicle identification numbers and serial numbers
• URLs, IP addresses, and e-mail addresses
• Full-face photographs
• Social security numbers
• Medical record numbers
• Health plan beneficiary numbers/other account numbers
• Device identifiers and serial numbers
• Biometric identifiers
• Certificate or license numbers
Useful information such as complete dates, 5-digit zip codes, and geographic information (other than street addresses) may be used.
This should be considered a “one-time use” dataset; re-identification of the individual is not permitted, and the subject may not be contacted.
Data use agreements are specific to the study and to the recipient of information, and must be approved by the CPHS before use. The following must be included in the data use agreement:
• The person or organization to use/receive the dataset
• An explanation of how the recipient may use or disclose the data
• A statement that the recipient will not use or disclose the information except as permitted in the agreement or as required by law
• A statement that the recipient will use appropriate safeguards to protect the data from misuse or inappropriate disclosure
• A statement that the recipient will report use or disclosure not permitted in the data use agreement
• A statement that the recipient will ensure that its agents provide the same restrictions/provisions
• A statement that the recipient will not attempt to re-identify the PHI
The data use agreement will be an agreement between you and the covered entity from whom you acquire or to whom you disclose PHI.
The covered entity will most likely be the one to draft the data use agreement. However, you may access our template for a data use agreement by contacting the HIPAA officer at 713-500-7943.
This data use agreement will be tailored to be specific to the data you are accessing for your study, and MUST be included in your IRB application packet. The IRB must approve this data use agreement BEFORE IT IS USED.
For other questions, please call us at 713-500-7943.