Do HIPPA regulations apply to data sets with health information?
Yes. Regulations permit covered entities (usually the agency providing the data) to disclosure health information for research purposes without authorization by the research subject if the use or disclosure involves a “limited data set” and the covered entity enters into a data use agreement with the researcher. A “limited data set” is protected health information that excludes the following direct identifiers of the individual or of relatives, employers, or household members of the individual subjects: a) names b) postal address information, other than town or city, state and zip code c) telephone numbers d) fax numbers e) email addresses f) social security numbers g) health plan beneficiary numbers h) account numbers i) certificate/license numbers j) vehicle identifiers and serial numbers k) device identifiers and serial numbers l) web universal resources locators (URLs) m) Internet protocol (IP) address numbers n) biometrics identifiers, including finger and voice prints o) full fac
