(410 ILCS 305/9.8) Sec. 9.8. Disclosure of limited data sets and de-identified information. Notwithstanding the provisions of Sections 9 and 10 of this Act: (1) a covered entity may, without a patient's consent, create, use, and disclose a |
| limited data set using HIV-related information from a patient's record or disclose HIV-related information from a patient's record to a business associate for the purpose of establishing a limited data set; the creation, use, and disclosure of such a limited data set must comply with the requirements set forth under HIPAA;
|
|
(2) a covered entity may, without a patient's consent, create, use, and disclose
|
| de-identified information using information from a patient's record that is subject to this Act or disclose HIV-related information from a patient's record to a business associate for the purpose of de-identifying the information; the creation, use, and disclosure of such de-identified data must comply with the requirements set forth under HIPAA. A covered entity or a business associate may disclose information that is de-identified; and
|
|
(3) the recipient of de-identified information shall not re-identify de-identified
|
| information using any public or private data source.
|
|
(Source: P.A. 98-1046, eff. 1-1-15.)
|