Defining authorized uses and disclosing the limited set of data; A data usage agreement and a matching agreement are common contractual relationships within the framework of HIPAA. Apart from the fact that they both have the word « agreement » in their name, these agreements could not be more different. The difference between a data usage agreement and a matching agreement is explained below. A restricted record is a data set that is deprived of certain direct identifiers specified in the HIPAA privacy rule. A limited data set can only be passed on to an external provider without a patient`s permission if the purpose of disclosure is for research, health or health purposes and if the person or entity receiving the information signs a data use agreement (AEA) with the company or its counterpart. No, information about « limited data sets » is not covered by THE HIPAA accounting of advertising obligations. The Department of Health and Human Services (DHHS) has found that the privacy protection of individuals in relation to PHIs that are disclosed in a « limited data box » can be properly protected by a single AAU. This means that all of the following direct identifiers, which relate to the person or their parents, employer or household members, must be removed so that a data set is a limited set of data, whether it is a limited set of data, and that all persons submitted under the agreement are subject to the same restrictions as those set out in the agreement; and if Stanford is the provider of a limited data set, Stanford requires that an AEA be signed to ensure that the appropriate provisions to protect the limited data set are in place. Here are the contacts for different types of searches: 4. Ask the recipient to use appropriate security measures to prevent unauthorized use or disclosure that is not provided for by the agreement; A DUA is not required if there is another agreement (for example. B financing) which already takes into account the conditions of the transfer of LDS between the two companies.