The HIPAA Privacy Rule establishes minimum federal requirements for the use and disclosure of protected health information (PHI) by covered entities. However, if a covered entity seeks to release PHI to a non-covered entity for research, public health activities or health care operations, then the covered entity may do so only in a “limited data set” and with an accompanying Data Use Agreement (DUA) executed between the covered entity and the recipient of the limited data set. We invite you to read our new Fast Facts and Myth Buster on DUAs to learn more about when they are required and what they must contain.
Click here to read our Fast Facts: What is a Data Use Agreement?
.png)