When asked for clarification for the type of data being transferred for a DUA/DTUA here are the Definitions:
- De-identified data about human subjects: data collected from or about human subjects that are scrubbed of all 18 HIPAA identifiers. This can include data collected under standard of care.
- UCSD requires a DUA for outgoing de-identified data.
- Limited Data Set: a set of identifiable human subjects information as defined by HIPAA. This can include data collected under standard of care. Most of the 18 identifiers (direct identifiers) must be removed; only the following may remain:
- dates such as admission, discharge, service, DOB, DOD
- city, state, five digit or more zip code; and
- ages in years, months or days or hours
- Personally Identifiable Information - HIPAA: Protected Health Information or “PHI” including any of the direct identifiers as defined by HIPAA. This can include data collected under standard of care.
- Personally Identifiable Information - FERPA: identifiable information contained in educational records as defined and protected by the Family Educational Rights and Privacy Act (FERPA)
- Personally Identifiable Information - Common Rule Only: identifiable information collected from individuals who are the subject of research projects.
For more information: HIPAA Privacy Rule vs. Common Rule