Still trying to grasp the concept of a limited data set? Based on the name alone, it's hard to tell what exactly it is. Furthermore, the complex wording of the Health Insurance Portability and Accountability Act (HIPAA) adds greater confusion to covered entities. In this post we're going to take a closer look at limited data sets and how they are used.
Most information stored and used by covered entities falls under the category of Protected Health Information (PHI), which must abide by strict Privacy Rule regulations. HIPAA was established nearly two decades ago with the primary purpose of protecting the privacy of patients. This means doctors, nurses, chiropractors, dentists are other covered entities are prohibited from disclosing patients' PHI to unauthorized individuals entities.
Limited data set differs from PHI in the sense that covered entities may use or disclose it without obtaining authorization from the respective patient – assuming it's used for the purpose of research, public health, and/or healthcare operations. It's important to note that this doesn't give covered entities the green light to use their patients' limited data set in any manner they please. This information can only be used for the purposes of research, public health, and/or healthcare operations.
A patient document or other information is labeled as Protected Health Information when it contains one or more of eighteen identifiers. Limited Data Set, however, lacks 16 of these identifiers, which are listed below:
- Home address information (not including town or city, state and zip code)
- Telephone number
- Fax number
- Electronic mail address
- Social security number
- Medical record number
- Health plan beneficiary number
- Account number
- Driver's license number
- Vehicle identifiers and serial numbers
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol address numbers
- Biometric identifiers (e.g. fingerprints)
- Full-face photographs
Limited data set information may still contain identifiers such as the patient's date of birth, date of death, date of service, town or city, state and zip code.
The key difference between Protected Health Information and limited data set is that the latter doesn't have to follow HIPAA's strict Privacy Rule. However, covered entities are only allowed to use limited data set information for the aforementioned purposes.