The data protection rule allows a covered entity to disclose a «limited set of data,» what the rule calls a «limited set of data.» A limited data set is a set of identifiable health information that may be communicated by the relevant companies, without the patient`s prior written consent, with specific facilities for research, public health activities and health operations. 3.dem to prohibit recipients from the further use or disclosure of the information, unless the agreement so permits, or the law permits it; 4. request the recipient to take appropriate security measures to prevent any unauthorized use or disclosure that is not provided for in the agreement; A BAA is required when data is intended to be transferred or shared and contains direct identifiers or PHI such as: names, postal addresses, telephone and fax numbers, e-mail addresses, social security numbers, medical numbers, vehicle identification/serial numbers, license plates, biometric identifiers (e.g. .B.B. – language fingerprints) and photographic images. Have you signed business contracts? If not, you are in danger! To learn more about counterparty agreements, click here. A counterparty agreement is a contract between the covered company and the counterparty that submitted such insurance in writing. . . .