Limited Data Set: The Complete Guide

What Is a Limited Data Set?

A limited data set is a type of protected health information (PHI) that doesn’t contain direct identifying information about individuals, as defined by the Privacy Regulations under HIPAA.

Why Is a Limited Data Set Important?

A limited dataset allows researchers to study specific populations without compromising the privacy of individuals. And conducting research is how we improve public health, develop new treatments, and advance medical research.

Limited Data Set for Research

Limited data sets allow researchers to advance medical research while respecting the privacy of individuals.

How Does HIPAA Protect Limited Data Sets?

HIPAA Privacy Regulations protect limited data sets by limiting how these data sets can be used and disclosed.

In other words, a limited data set can only be used for public health, research, or healthcare operations purposes, and those disclosing the data and those receiving it must enter into a Data Use Agreement (DUA).

What's a DUA?

The DUA (Data Use Agreement) establishes how the limited data set will be used, disclosed, and protected by the data recipients (who are usually researchers). It also describes who’s allowed to use and receive the limited data set.

Additionally, the DUA prevents recipients from trying to identify or contact the individuals from which the limited data set came.

Authorized Purposes

Limited data sets can only be used for purposes of public health, research, or healthcare operations.

Data Use Agreement

The DUA establishes how the limited data set will be used, disclosed, and protected, and by whom.

Information NOT Included in a Limited Data Set

  • Names
  • Street Addresses
  • Emails
  • Phone/fax numbers
  • Social security numbers
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate and license numbers
  • Vehicle identifiers and serial numbers
  • Device identifiers and serial numbers
  • Fax numbers
  • IP addresses
  • Biometric identifiers, like fingerprints
  • Photos of faces and comparable images

Information that CAN be Included in a Limited Data Set

  • Dates (e.g., date of birth, admission, discharge, death)
  • City, state, zip code (not street address)
  • Age
  • Unique codes that can’t be used to identify an individual (like assigning each patient’s dataset a random number.
What’s not in a Limited Data Set

Information known as direct identifiers must be excluded from a limited data set.

What’s in a Limited Data Set

Information that can’t directly identify individuals, like important dates, age, and zip code are included.

How to Use Limited Data Sets Safely and Securely

  • Only use and disclose limited data sets for authorized purposes (public health, research, and healthcare).
  • Protect patient privacy by complying with the DUA and HIPAA Privacy Rules.
  • Take action to end or repair any violations of the DUA, and if that doesn’t work, stop disclosing PHI and report the incident to the HHS Office.
  • Protect and secure patient datasets, limited or otherwise, by having HIPAA-compliant software and high-end security, including encryption.
  • Limit access to only those who require it. Conduct periodic Access Reviews and promptly remove access for those who no longer require it.
  • Follow Minimum Use guidelines; use the minimum amount of data you need for your purpose.

Rest Assured with HIPAA-Compliance

Clarity Ventures specializes in secure, HIPAA-compliant platforms. If you’re a recipient of a limited data set, or a covered entity, we can implement the software and integrations you need so you can operate securely and worry-free.

Learn More About HIPAA-Compliance

Recap:

Limited data sets are PHI that exclude direct identifying information so researchers can use them to study specific populations without compromising the privacy of individuals.

This type of information can be used to improve public health, develop new treatments and therapies, and advance medical research.

Limited data sets can be used safely and securely while protecting the privacy of patients. Taking these precautions safeguards both the researcher's goals as well as the patient's right to privacy.

Working with Clarity

We can help you find the right solution for your business—just click the button below to sign up for a free Discovery Session. There are no strings attached and no risk to you. We’re just happy to help. So why not give it a try?