Identify limited data sets and permitted usage.

CHS may use and disclose a limited data set without authorization for the purposes of research, public health, or operations if CHS and the recipient of the data enter into a data use agreement.

1. Definition: A limited data set is PHI that does not identify the patient, but does contain certain information that might potentially identify the patient.
2. Creation of a limited data set requires the following identifiers be removed from the data:
1. Name
2. Social Security number
3. Medical record/account numbers
4. Health plan beneficiary numbers
5. Postal information excluding city, state, and zip codes
6. Telephone or fax numbers
7. Email addresses
8. License numbers
9. Vehicle identifiers, including license plate numbers
10. Device information, including serial numbers
11. Technical information, including URL or IP addresses
12. Biometrics, including fingerprint and voiceprints
13. Photographs and other identifiable images
3. All data use agreements must be approved by the Compliance Office prior to execution.  A data use agreement must
1. Establish permitted uses and disclosures of the limited data set
2. Establish who is permitted to use/receive the limited data set
3. Establish the recipient will not use or disclose the information other than permitted, safeguard the data, report any unauthorized use or disclosure, and not identify or contact the patients