MYTH: A limited data set is the same as de-identified data under HIPAA.
FACT: A limited data set is a separate legal concept under the Privacy Rule and is considered identifiable data. It is not the same as de-identified data.
A limited data set is a form of Protected Health Information (PHI) that a covered entity is permitted to use and disclose for research, public health or health care operations, without obtaining patient authorization. De-identified data, by contrast, is not considered PHI at all and thus not protected by the Privacy Rule. To learn more about the differences between a limited data set and de-identified data, please read our Myth Buster.
Enter the password to open this PDF file:
.png)