A data use agreement (DUA) is an agreement required by the HIPAA Privacy Rule between a covered entity and a person or entity that receives a “limited data set” from the covered entity. Even though a limited data set excludes many direct identifiers of the individual, when such information is in the hands of non-covered entities, the Privacy Rule attempts to protect the privacy of individuals through the use of DUAs. To learn more about the requirements of a DUA, please read our Fast Facts below.
Enter the password to open this PDF file:
.png)