Skip to main content
. Author manuscript; available in PMC: 2014 Sep 1.
Published in final edited form as: Diagn Histopathol (Oxf). 2013 Sep;19(9):322–330. doi: 10.1016/j.mpdhp.2013.06.015

Table 3. Limited Dataset Under the Privacy Rule1.

A limited data set is described as health information that excludes certain, listed direct identifiers (see below) but that may include city; state; ZIP Code; elements of date; and other numbers, characteristics, or codes not listed as direct identifiers. The direct identifiers listed in the Privacy Rule's limited data set provisions apply both to information about the individual and to information about the individual's relatives, employers, or household members. The following identifiers must be removed from health information if the data are to qualify as a limited data set:

  1. Names.

  2. Postal address information, other than town or city, state, and ZIP ode.

  3. Telephone numbers.

  4. Fax numbers.

  5. Electronic mail addresses.

  6. Social security numbers.

  7. Medical record numbers.

  8. Health plan beneficiary numbers.

  9. Account numbers.

  10. Certificate/license numbers.

  11. Vehicle identifiers and serial numbers, including license plate numbers.

  12. Device identifiers and serial numbers.

  13. Web universal resource locators (URLs).

  14. Internet protocol (IP) address numbers.

  15. Biometric identifiers, including fingerprints and voiceprints.

  16. Full-face photographic images and any comparable images.

1

Excerpt taken from “Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule”. U.S. Department of Health and Human Services.