According to HIPAA, a restricted data group is a group of recognizable healthcare data that the HIPAA Secrecy Law allows protected units to distribute to specific bodies for public health activities, research purposes, and healthcare jobs without getting prior approval from patients, provided specific preconditions are met.
Contrary to de-identified safeguarded health information, which is no longer categorized as PHI under HIPAA Laws, a restricted data group according to HIPAA is still recognizable safeguarded information. For that reason, it is still subject to HIPAA Secrecy Law rules.
A HIPAA restricted data group can only be communicated to bodies that have entered into a data use contract with the protected body. The data use contract lets the protected body obtain acceptable pledges that the PHI will be used only for particular purposes, that the PHI won’t be revealed by the body with which it is communicated, and that the conditions of the HIPAA Secrecy Law will be obeyed.
The data use contract, which should be accepted before the restricted data group is shared, must set out the following:
- Permissible uses as well as disclosures
- Sanctioned recipients as well as users of the data
- A contract that the data won’t be utilized to get in touch with people or re-identify them
- A requirement that safeguards be applied to ensure the secrecy of the data and prevent forbidden uses as well as disclosures
- A statement that any incorrect uses or disclosures that are discovered must be reported back to the protected unit
- A statement that any contractors who need to access or use the files also sign a data use contract and agree to abide by its requirements.
In all circumstances, the HIPAA least possible necessary requirement applies, and the information in the data set should be restricted to just the information essential to achieve the goal for which it is revealed.
What Information Should be Deleted From a Restricted Data Set According to HIPAA?
According to HIPAA Laws, a restricted data set can’t contain any of the following information:
- Postal address information or street addresses, with the exception of state, town/city and zip code
- Full face photos as well as comparable images
- Biometric identifiers like retinal scans, fingerprints, and voice prints
- IP addresses and URLs
- Device identifiers as well as serial numbers
- Vehicle identifiers as well as serial numbers, including license plates
- Certificate as well as license numbers
- Other account numbers
- Health plan beneficiary numbers
- Medical records numbers
- Social Security numbers
- E-mail addresses
- Phone/Fax numbers