By clicking the checkbox prior to checking out this agreement is considered signed by anyone seeking to use data in the Hawaii Inpatient and Emergency Department Data sets maintained by Hawaii Health Information Corporation (HHIC) before access to the data can be granted. All data maintained by HHIC are confidential or proprietary except data specified for public release.
Hawaii Health Information Corporation Access to Data
The data and information provided by Hawaii Health Information Corporation are intended to support any individuals or entities engaged in activities designed to improve the quality and cost-efficiency of health care services provided to the people of Hawaii in keeping with HHIC’s goals.
This Data Use Agreement (“Agreement”) specifies the terms and conditions upon which HHIC will generate and provide the Data and User shall have access to use of the Data. The Data are owned by HHIC and rights to use the Data are granted pursuant to this Agreement. The Data are not sold to the User.
The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and all amendments to the Act including amendments by the Health Information Technology For Economic and Clinical Health Act, Public Law 111-5, and all implementing regulations, are referred to as HIPAA collectively. For convenience, the User may refer to the current version of HIPAA at http://www.hhs.gov/ocr/hipaa; however the official versions are codified in the Public Laws and in the Code of Federal Regulations.
No Identification of Persons – This Agreement prohibits the User from identifying any person from the Data provided pursuant to this Agreement, whether done directly or indirectly (with the use of any outside information). Recipients of the Data are prohibited under the terms of this Agreement from analyzing, reviewing, releasing, disclosing, publishing, or presenting any individually identifying information obtained under this Agreement. If the User is provided a limited data set pursuant to this Agreement, as defined by HIPAA, HHIC omits from the data set all direct identifiers that are required to be excluded from limited data sets by the HIPAA Privacy Rule. It may be possible in limited situations, through deliberate technical analysis, and with outside information, to ascertain from the limited data sets the identity of particular persons. Considerable harm could ensue if this were to occur.
Therefore, any attempts to identify individuals are prohibited and information that could be used to identify individuals directly or by inference must not be released, disclosed, published or presented. Users of the Data are prohibited from contacting or making any attempt to contact individuals for any purpose, including verifying information supplied in the Data. Any questions about the data must be referred exclusively to HHIC.
The undersigned gives the following assurances with respect to the HHIC data/data set:
- I will not use and will prohibit others from using or disclosing the Data, except for aggregate analysis and aggregate statistical reporting, and only as permitted by this Agreement.
- I will ensure that the Data are kept in a secured environment in accordance with HIPAA and that only authorized users will have access to the Data in accordance with HIPAA.
- I will not release or disclose, and will prohibit others from releasing or disclosing, any Data that are individually identifiable, as that phrase is defined in HIPAA and that were disclosed to me pursuant to this Agreement.
- I will not release or disclose information where the number of observations (i.e., individual discharge records), in any given cell of tabulated data is less than or equal to 10.
- I will not release or disclose (i.e. share), and will prohibit others from releasing or disclosing, the Data (or any part) to another employee, individual, agent, consultant, or contractor of the organization for which I work or am contracted with, except with the prior written permission of HHIC.
- I will not attempt to link, and will prohibit others from attempting to link, the discharge records of persons included in the Data.
- I will not attempt to contact any person identified in the Data for any purpose.
- I will indemnify, defend, and hold harmless HHIC to the fullest extent permitted by Federal and state law from any or all claims and losses accruing to any person, organization, or other entity as a result of violation of this Agreement.
- I will make no statement and will prohibit others from making statements indicating or suggesting that interpretations drawn are those of the data sources or HHIC.
- I agree not to redistribute or publish the Data in its original format.
- I agree to use appropriate safeguards in compliance with HIPAA to prevent use or disclosure of the Data other than as permitted by this Agreement.
If HHIC provides a limited data set pursuant to this Agreement, I shall limit the use or receipt of the data set to the individuals who require access in order to perform activities permitted by this Agreement and in compliance with HIPAA. This Agreement must be signed by all users of the limited data set.
- I agree not to use or disclose the Data in any manner that would violate HIPAA in the same manner as if I were a covered entity pursuant as provided in HIPAA.
If HHIC provides a limited data set pursuant to this Agreement, I shall ensure that any agents, including contractors and subcontractors to whom I provide any part of the limited data set, agree in writing to be bound by the terms of this Agreement and shall provide to HHIC prior to providing such data set, a fully signed copy of this Agreement by the contractor or subcontractor as the case might be.
- I agree to report any violations of this Agreement to HHIC in writing, by facsimile or email, whether I committed such violations or another person who signed this Agreement at my request has committed such violations, within twenty-four hours (24 hours) of becoming aware of any such violations.
Publishing Data. User may publish Data that is in aggregate, de-identified form in reports provided that (1) any published reports or reports made available to the general public containing Data shall be provided to HHIC by User; (2) User will acknowledge in all reports based on these data that the source of the data is the “Hawaii Health Information Corporation;” and (3) User will make no statement nor permit others to make statements indicating or suggesting that interpretations drawn are those of data sources or HHIC.
HHIC does not certify data or reports that have been exported and altered. Any calculation errors are the responsibility of the individual, not HHIC.
Further, the User acknowledges and agrees that:
HHIC reserves the right to refuse to provide Data to User and in the event HHIC elects not to provide Data, HHIC’s only obligation and User’s only recourse shall be the refund of any fees paid by User to HHIC.
HHIC may, from time to time, modify its own data release policies.
HHIC reserves the right to withhold individual data elements if HHIC, in its sole discretion, determines that confidentiality of any data element may be compromised, or if the integrity of the data element is suspect or cannot be verified.
I understand that this Agreement is requested by the Hawaii Health Information Corporation to ensure compliance with all applicable policies, laws and regulations. My signature indicates my agreement to comply with the above-stated requirements with the knowledge that any violation of this Agreement may subject me to civil penalties, fines and other legal action. Further, violation of this Agreement will result in notification to all data providers of the violation, citing the hospital and/or consultant responsible for the violation. Violation by a consultant will result in restrictions on future data access. Violators of this Agreement may also be subject to penalties under Hawaii state confidentiality statutes and to HIPAA Privacy and Security rules that apply to these data.