In order to use or disclose the deceased`s PHI for research purposes, the companies concerned are not required to obtain authorizations from the personal representative or their relatives, a waiver or modification of the authorization or an agreement for the use of the data. However, the covered company must receive written or oral assurances from the researcher seeking access to the deceased that the use and disclosure are sought exclusively for research on the IHP of the deceased; (2) written or oral statements clarifying that the IHP for which use or disclosure is requested is necessary for research purposes and (3) the death of persons at the request of the undertaking concerned; whose IHP is sought by researchers. A data use agreement between the relevant company and the researcher must be as follows: the data protection rule allows three methods of accounting for research-related disclosures, without the permission of the individual or with the exception of a limited set of data: (1) A standard approach, (2) an approach for multiple advertisements and (3) an alternative for disclosures involving 50 or more people. Regardless of the approach chosen, the statement is made in writing and is made available to the person requesting. Accounting reports to individuals may contain the results of more than one accounting policy. defining the permitted uses and advertisements of the limited data set; A Data Use Agreement (DUA) is an agreement that is necessary and must be entered into in accordance with the data protection rule before a limited data set (defined below) is used or disclosed to an external institution or party. A limited set of data is always Protected Health Information (PHI), and that`s why covered companies like Stanford have to enter into a data usage agreement with each recipient of a limited set of Stanford data. A data use agreement and a counterparty agreement are customary contractual relationships between HIPAA. Apart from the fact that the two have the word “agreement” in their name, these agreements could not be more different. The difference between a data use agreement and a counterparty agreement is explained below. The limited data set provisions also require the companies concerned to take appropriate measures to remedy a breach by a recipient of the data use agreement. In other words, if Hopkins discovers that the data provided to a recipient is being used in a way that is not authorized by the agreement, Hopkins must work with the recipient to resolve this issue.
If these steps are not successful, Hopkins should stop disclosing PHI to the recipient as part of the Data Use Agreement and report the situation to the JH Privacy Office at 410-614-9900 or firstname.lastname@example.org. A limited set of data excludes specified direct identifiers (identifiers that constitute protected health information or PHI that directly identify researchers) of the person or family, employers, or members of the person`s household. .