Industries & Practices

Health Care Industry

    Back

    HIPAA Privacy Regulations: Definitions - Data Aggregation - § 164.501

    As Contained in the HHS HIPAA Privacy Rules

     

    HHS Regulations
    Definitions - Data Aggregation - § 164.501

     

    Data aggregation means, with respect to protected health information created or received by a business associate in its capacity as the business associate of a covered entity, the combining of such protected health information by the business associate with the protected health information received by the business associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities.

     

    HHS Description
    Definitions - Data Aggregation

     

    The NPRM did not include a definition of data aggregation. In the final rule, data aggregation is defined, with respect to protected health information received by a business associate in its capacity as the business associate of a covered entity, as the combining of such protected health information by the business associate with protected health information received by the business associate in its capacity as a business associate of another covered entity, to permit the creation of data for analyses that relate to the health care operations of the respective covered entities. The definition is included in the final rule to help describe how business associates can assist covered entities to perform health care operations that involve comparative analysis of protected health information from otherwise unaffiliated covered entities. Data aggregation is a service that gives rise to a business associate relationship if the performance of the service involves disclosure of protected health information by the covered entity to the business associate.