1. What constitutes "individually identifiable health information"?
2. What about information that does not identify an individual, is that individually identifiable health information?
3. Are there any tests for determining when "there is a reasonable basis to believe" the information can be used to identify the individual?
4. Has HHS provided any additional information on which constitutes "accepted statistical and scientific principles and methods for rendering information not individually identifiable"?
5. What is the "safe harbor" for determining that information cannot be used to identify a person?
6. What documentation is required when health care providers disclose "de-identified" information?