LIMITED DATA SETS
When using or disclosing PHI, a DMH component may use a limited data set if the component enters into a data use agreement with the limited data set recipient providing that a limited data set not include any of the following direct identifiers of the individual who is the subject of the PHI or of relatives, employers, or household members of the individual:
Postal address Information, other than town or city, State, and zip code;
A DMH program area may use or disclose a limited data set only if it obtains satisfactory assurance, in a memorandum of agreement, that the limited data set recipient will only use or disclose the PHI for limited purposes. The memorandum of agreement must:
Establish the permitted PHI uses and disclosures in the limited data set
by the recipient;
A DMH program area may use or disclose a limited data set only for the purposes of research, public health, or health care Operations. If the limited data set is needed for research or projects that have a research component, DMH’s Institutional Review Board (see Research policy) must approve the research project.
The DMH program area that will use or disclose the requested limited data set must determine the purpose of the request. If the request is for research purposes or has a research component, DMH’s Institutional Review Board must first review the request. If the Institutional Review Board approves the research, the Institutional Review Board Administrator will inform the program area that it may proceed with the memorandum of agreement as described in this policy. If the purpose of the limited data set is for public health or health care Operations, then the DMH program area may proceed with the memorandum of agreement as described in this policy. The DMH Privacy Officer or his/her designee must approve the memorandum of agreement before the limited data set is provided to the requestor.