HIPAA Privacy Regulations: Definitions - Data Aggregation - § 164.501
As Contained in the HHS HIPAA Privacy Rules
HHS Regulations |
Data aggregation means, with respect to protected health information created or received by a business associate in its capacity as the business associate of a covered entity, the combining of such protected health information by the business associate with the protected health information received by the business associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities.
HHS Description Definitions - Data Aggregation |
The NPRM did not include a definition of data aggregation. In the final rule, data aggregation is defined, with respect to protected health information received by a business associate in its capacity as the business associate of a covered entity, as the combining of such protected health information by the business associate with protected health information received by the business associate in its capacity as a business associate of another covered entity, to permit the creation of data for analyses that relate to the health care operations of the respective covered entities. The definition is included in the final rule to help describe how business associates can assist covered entities to perform health care operations that involve comparative analysis of protected health information from otherwise unaffiliated covered entities. Data aggregation is a service that gives rise to a business associate relationship if the performance of the service involves disclosure of protected health information by the covered entity to the business associate.